[netsa-tools-discuss] IPFIX analysis using SiLK

Abhishek Dey abhishek_dey at outlook.com
Mon Sep 14 08:30:56 EDT 2015


Hello CERT-Netsa,

I am using SiLK as an IPFIX collector and analyzer in my project. I need to count the total number of bytes and flows in each time slot of 10 minutes (this may change later) for each key field (e.g. sIP, sPort, dIP, dPort etc.) which will be an input. The rwcount tool does something similar (--load-scheme=4) but it doesn't have support for specifying the key fields. Also, rwuniq has similar functionality but it doesn't break a single record into multiple time slots (where a flow continued for more than one time slot). Therefore I need to know the following:

i) Is there any other tool that can help me achieve this functionality?
ii) Do I need to write any plugin to do the same?
iii) Do I need to modify any source code, and if yes, then which files should I modify?

It would be very helpful if you can provide me with the necessary information.

Thanks and Regards,
Abhishek
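
The binning described in the message above, sketched as an added example (not part of the original post and not SiLK code): each flow's bytes are split across the 10-minute slots it spans, grouped by a caller-chosen key. The record layout, the proportional byte split, the once-per-overlapped-slot flow count and the sample flows are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

SLOT = 600  # slot width in seconds (10 minutes, as in the post)

# Constructed sample records; the dict layout is an assumption, not SiLK output.
FLOWS = [
    {"sIP": "10.0.0.1", "dPort": 443, "bytes": 1200,
     "sTime": "2015-09-14T08:05:00", "eTime": "2015-09-14T08:25:00"},
    {"sIP": "10.0.0.1", "dPort": 443, "bytes": 300,
     "sTime": "2015-09-14T08:12:00", "eTime": "2015-09-14T08:12:00"},
    {"sIP": "10.0.0.2", "dPort": 53, "bytes": 100,
     "sTime": "2015-09-14T08:19:30", "eTime": "2015-09-14T08:20:30"},
]

def ts(text):
    """Parse 'YYYY-MM-DDTHH:MM:SS' as UTC and return epoch seconds."""
    parsed = datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")
    return parsed.replace(tzinfo=timezone.utc).timestamp()

def bin_flows(flows, key_fields, slot=SLOT):
    """Return {(slot_start_epoch, key_tuple): [bytes, flows]}.

    Assumptions: bytes are split in proportion to the time a flow spends in
    each slot, and a flow is counted once in every slot it overlaps.
    """
    bins = defaultdict(lambda: [0.0, 0])
    for flow in flows:
        start, end = ts(flow["sTime"]), ts(flow["eTime"])
        key = tuple(flow[name] for name in key_fields)
        t = int(start // slot) * slot  # start of the first slot touched
        if end <= start:  # zero-duration flow: all bytes go to one slot
            bins[(t, key)][0] += flow["bytes"]
            bins[(t, key)][1] += 1
            continue
        while t < end:
            overlap = min(end, t + slot) - max(start, t)
            bins[(t, key)][0] += flow["bytes"] * overlap / (end - start)
            bins[(t, key)][1] += 1
            t += slot
    return dict(bins)

if __name__ == "__main__":
    for (slot_start, key), (nbytes, nflows) in sorted(bin_flows(FLOWS, ["sIP"]).items()):
        when = datetime.fromtimestamp(slot_start, timezone.utc).strftime("%H:%M")
        print(when, key, round(nbytes, 1), nflows)
```

Changing key_fields to, for example, ["sIP", "dPort"] groups on the combined key, and passing a different slot value changes the slot width.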