[netsa-tools-discuss] pyfixbuf - flow stats

[Manickam]

Thanks Emily. I got that working. It was my bad code.

Thanks again.
On Jun 13, 2016 11:14 PM, "Emily Sarneso" <ecoff at cert.org> wrote:

> Hello Manickam,
>
> I’m not aware of any issue with reading YAF flow stats with ipfixDump or
> pyfixbuf.  When you run ipfixDump, are you using the "--yaf” option?
> Without this option, fixbuf is unaware of the majority of the information
> elements and decodes the fields as octet strings and not integers (which
> means it is not doing any endian conversion.)  Similarly, for pyfixbuf, you
> need to add “pyfixbuf.YAF_FLOW_STATS_LIST” to your information model for
> the fields to be correctly decoded.
>
>
> If my above suggestions do not solve your problem, would you mind
> providing a little more information about the problem you are seeing? It
> may help if you send me the Python code you are using to read the flow
> stats.  I’m also not sure what you mean by "DPI proto status" with
> pyfixbuf.  It may also help if you provide the version of libfixbuf you are
> using.
>
> Thanks,
>
> Emily
>
>
> --------------------
> Emily Sarneso
> CMU/SEI/CERT
> ecoff at cert.org
>
>
>
>
> > On Jun 10, 2016, at 10:10 AM, Manickam <manickam.subbiah at gmail.com>
> wrote:
> >
> > Hi all,
> >
> > pyfixbuf throws garbage values for flow stats. Also the reverse
> direction stats are not shown up using pyfixbuf. The flow binary was
> generated using yaf-2.8.4.
> >
> > I remember  yaf-2.7.4 was having some similar issues with flow stats and
> it got fixed in 2.8.0.
> >
> > Hence wondering it may be an issue with pyfixbuf. Wish to know if there
> is any workaround to sort this or any releases in pipeline for the fix?
> >
> > Also i am not able get DPI proto status with pyfixbuf.
> >
> > Any help / guidance to solve this is highly appreciated.
> >
> > Thanks in advance,
> > Manickam
>
>
-------------- next part --------------
HTML attachment scrubbed and removed