[netsa-tools-discuss] where do we go from here?

[Kirk Olson]

Hello and thank you for reviewing my post.

The rwflowpack service is up and running. We are packing files. Here is an example:

root at ho-nflo-p01:/var/silk/data/int2int/2020/03/19
# ls -l int2int-MPSW1*
-rw-r--r--. 1 root root 639631 Mar 18 20:01 int2int-MPSW1_20200319.00
-rw-r--r--. 1 root root 642971 Mar 18 21:01 int2int-MPSW1_20200319.01
-rw-r--r--. 1 root root 707284 Mar 18 22:01 int2int-MPSW1_20200319.02
-rw-r--r--. 1 root root 631120 Mar 18 23:01 int2int-MPSW1_20200319.03
-rw-r--r--. 1 root root 635771 Mar 19 00:01 int2int-MPSW1_20200319.04
-rw-r--r--. 1 root root 632680 Mar 19 01:01 int2int-MPSW1_20200319.05
-rw-r--r--. 1 root root 627672 Mar 19 02:01 int2int-MPSW1_20200319.06
-rw-r--r--. 1 root root 636847 Mar 19 03:01 int2int-MPSW1_20200319.07
-rw-r--r--. 1 root root 634166 Mar 19 04:01 int2int-MPSW1_20200319.08
-rw-r--r--. 1 root root 630384 Mar 19 05:01 int2int-MPSW1_20200319.09
-rw-r--r--. 1 root root 637808 Mar 19 06:01 int2int-MPSW1_20200319.10
...etc

We intend to use Joe Loiacono's FlowViewer/FlowGrapher/FlowMonitor toolset to report on the data. However, it is clear the flow information is not written in a directory structure that this toolset will understand. It appears that the files are not being packed into a directory named after the probe device. I am struggling to understand if that is rwflowpack's job or if we are supposed to be running rwflowappend to write the final directory and hourly flow files from the incremental flow files.

I have looked high and low for an architecture to guide me with no luck. Can you folks provide some guidance? Thank you.
-Kirk