[netsa-tools-discuss] pyfixbuf - flow stats

Emily Sarneso ecoff at cert.org
Mon Jun 13 13:44:29 EDT 2016


Hello Manickam,

I’m not aware of any issue with reading YAF flow stats with ipfixDump or pyfixbuf.  When you run ipfixDump, are you using the "--yaf" option?  Without this option, fixbuf is unaware of the majority of the information elements and decodes the fields as octet strings and not integers (which means it is not doing any endian conversion).  Similarly, for pyfixbuf, you need to add "pyfixbuf.YAF_FLOW_STATS_LIST" to your information model for the fields to be correctly decoded.


If my above suggestions do not solve your problem, would you mind providing a little more information about the problem you are seeing? It may help if you send me the Python code you are using to read the flow stats.  I’m also not sure what you mean by "DPI proto status" with pyfixbuf.  It may also help if you provide the version of libfixbuf you are using.

Thanks,

Emily


--------------------
Emily Sarneso
CMU/SEI/CERT
ecoff at cert.org




> On Jun 10, 2016, at 10:10 AM, Manickam <manickam.subbiah at gmail.com> wrote:
> 
> Hi all,
> 
> pyfixbuf throws garbage values for flow stats. Also the reverse direction stats do not show up using pyfixbuf. The flow binary was generated using yaf-2.8.4.
> 
> I remember yaf-2.7.4 was having some similar issues with flow stats and it got fixed in 2.8.0.
> 
> Hence wondering if it may be an issue with pyfixbuf. Wish to know if there is any workaround to sort this or any releases in pipeline for the fix?
> 
> Also I am not able to get DPI proto status with pyfixbuf.
> 
> Any help / guidance to solve this is highly appreciated.
> 
> Thanks in advance,
> Manickam
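
The decoding behaviour described in the reply above, as an added stdlib-only example that is not part of the original thread and is not pyfixbuf or libfixbuf code. The template, the record, the `decode` and `host_order` helpers, and the CERT element ids are constructed assumptions for illustration; `FLOW_STATS` stands in for what adding `pyfixbuf.YAF_FLOW_STATS_LIST` contributes to the information model.

```python
import struct

CERT_PEN = 6871  # CERT private enterprise number

# (enterprise, element id) -> name; IANA elements a bare model already knows.
BASE_MODEL = {(0, 1): "octetDeltaCount", (0, 2): "packetDeltaCount"}
# Stand-in for what YAF_FLOW_STATS_LIST adds (element ids are assumptions).
FLOW_STATS = {(CERT_PEN, 500): "smallPacketCount",
              (CERT_PEN, 502): "dataByteCount",
              (CERT_PEN, 506): "maxPacketSize"}

# Constructed template: (enterprise, element id, length in octets).
TEMPLATE = [(0, 1, 8), (0, 2, 8), (CERT_PEN, 500, 4),
            (CERT_PEN, 502, 8), (CERT_PEN, 506, 2)]
# Constructed data record in network byte order, as it appears on the wire.
RECORD = struct.pack("!QQIQH", 5120, 12, 3, 4096, 1460)


def decode(template, record, model):
    """Decode one record; elements missing from the model stay raw octets."""
    out, offset = {}, 0
    for pen, ident, length in template:
        raw = record[offset:offset + length]
        if len(raw) != length:
            raise ValueError("record shorter than template")
        offset += length
        name = model.get((pen, ident))
        if name is None:
            # Unknown element: octet array, no endian conversion applied.
            out[f"unknown_{pen}_{ident}"] = raw
        else:
            out[name] = int.from_bytes(raw, "big")
    return out


def host_order(raw):
    """Value a little-endian host sees if it reads unconverted octets as an int."""
    return int.from_bytes(raw, "little")


if __name__ == "__main__":
    bare = decode(TEMPLATE, RECORD, BASE_MODEL)
    full = decode(TEMPLATE, RECORD, {**BASE_MODEL, **FLOW_STATS})
    for key, raw in bare.items():
        if isinstance(raw, bytes):
            print(f"{key}: raw={raw.hex()} misread={host_order(raw)}")
    print(full)
```

With the bare model the three CERT fields come back as byte strings, and reading them in host order gives values unrelated to the ones that were exported; with the extended model the same record decodes to the original integers.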


