Instalace flow tools na debianu:
apt-get install flow-tools fprobe
/etc/flow-tools/flow-capture.conf
--------------------------------------------------
-w /log -N 3 -n 275 -S 60 -V 5 -z 9 0/0/555
--------------------------------------------------
mkdir /log
mkdir /log/exporty
data se ukladaji do slozky /log
napr. /log/2009/2009-07/2009-07-29/ft-v05.2009-07-29.XXXXXX+0200
/etc/default/fprobe
------------------------------------------
INTERFACE="eth2"
FLOW_COLLECTOR="localhost"
OTHER_ARGS="-fip"
------------------------------------------
eth2 je port, na ktery tecou data z monitor portu switche. Lze tam zvolit i interface, pres ktery data tecou.
/etc/init.d/flow-capture restart
/etc/init.d/fprobe restart
A uz by to melo logovat.
Pokud chcete prevest zkomprimovany log do citelne txt podoby, da se pouzit prikaz
flow-print -f 5 < /log/2009/2009-07/2009-07-29/ft-v05.2009-07-29.XXXXXX+0200 >> /log/exporty/export-xxxxxx.txt
Ja jsem si napsal bashovej skriptik, ktery mi to exportovani trosku ulehci:
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
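#! /bin/bash
# Interactive helper that exports flow-tools captures to text.
#
# Source files are the flow-capture outputs under
#   /log/<rok>/<rok>-<mesic>/<rok>-<mesic>-<den>/
# and the result is written to /log/exporty/export-<timestamp>.txt via
# `flow-print -f 5`. Every prompt accepts an empty answer: an empty
# year/month/day defaults to today's value, an empty hour/minute/ip/port means
# "do not filter on it".
#
# NOTE: the test of every `if` in the published listing was lost in rendering
# (they appear as `if ; then`). The conditions below are reconstructed from the
# surrounding defaults and echo lines and should be confirmed against the
# original script.

# -u catches misspelled variable names. -e is deliberately NOT used: `grep`
# exits 1 whenever a filter matches nothing, which is a normal outcome here.
set -u

readonly LOG_ROOT=/log
readonly EXPORT_DIR=/log/exporty

# Print a message to stderr and exit with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Left-pad a one-digit value with "0" (7 -> 07). Anything else, including an
# empty string, is returned unchanged, so it is safe to call on unanswered prompts.
dopln_nulu() {
  local hodnota=$1
  if [[ ${#hodnota} -eq 1 ]]; then
    printf '0%s' "$hodnota"
  else
    printf '%s' "$hodnota"
  fi
}

# The three filters below are identity filters (cat) when their argument is
# empty, so one pipeline covers every combination of answered prompts instead
# of the eight hand-written branches of the original.

# Keep lines matching the time regex (".HH:MM:"), or pass everything through.
filtr_cas() {
  if [[ -n "$1" ]]; then
    grep -e "$1"
  else
    cat
  fi
}

# Keep lines containing the IP as a fixed string. -F stops the dots in an
# address from acting as regex wildcards (10.0.0.1 would otherwise also match
# 10x0y0z1), and -- stops an answer beginning with "-" from being parsed as a
# grep option.
filtr_ip() {
  if [[ -n "$1" ]]; then
    grep -F -- "$1"
  else
    cat
  fi
}

# Keep lines containing the port as a whole word (-w), fixed-string as above.
filtr_port() {
  if [[ -n "$1" ]]; then
    grep -F -w -- "$1"
  else
    cat
  fi
}

main() {
  local rok mesic den hodina minuta ip port
  local datum den_dir export_soubor cas_vzor soubor
  local -a soubory=()

  clear
  printf '\n\n Exportovani dat z logu:\n\n'

  printf ' rok: '
  IFS= read -r rok
  if [[ -z "$rok" ]]; then
    rok=$(date +%Y)
    printf ' rok: %s\n' "$rok"
  fi

  printf ' mesic: '
  IFS= read -r mesic
  if [[ -z "$mesic" ]]; then
    mesic=$(date +%m)
    printf ' mesic: %s\n' "$mesic"
  else
    mesic=$(dopln_nulu "$mesic")
  fi

  printf ' den: '
  IFS= read -r den
  if [[ -z "$den" ]]; then
    den=$(date +%d)
    printf ' den: %s\n' "$den"
  else
    den=$(dopln_nulu "$den")
  fi

  printf ' hodina: '
  IFS= read -r hodina
  printf ' minuta: '
  IFS= read -r minuta
  printf ' ip: '
  IFS= read -r ip
  printf ' port: '
  IFS= read -r port

  datum=$(date +%F-%T)
  hodina=$(dopln_nulu "$hodina")
  minuta=$(dopln_nulu "$minuta")

  # The hour is already applied by the file-name glob below (capture files are
  # named ...<date>.<HHMMSS>...), so the line-level time filter is only needed
  # when a minute was given as well.
  cas_vzor=
  if [[ -n "$hodina" && -n "$minuta" ]]; then
    cas_vzor=".$hodina:$minuta:"
  fi

  den_dir="$LOG_ROOT/$rok/$rok-$mesic/$rok-$mesic-$den"
  [[ -d "$den_dir" ]] || die "Adresar $den_dir neexistuje."
  [[ -d "$EXPORT_DIR" ]] || die "Adresar $EXPORT_DIR neexistuje."

  # Glob instead of `ls | grep`: file names are handled as whole words even if
  # they contain spaces, and nullglob gives an empty list when nothing matches.
  shopt -s nullglob
  soubory=("$den_dir"/*"$rok-$mesic-$den.$hodina"*)
  shopt -u nullglob
  [[ ${#soubory[@]} -gt 0 ]] || die "V $den_dir nejsou zadne soubory pro hodinu '$hodina'."

  export_soubor="$EXPORT_DIR/export-$datum.txt"
  {
    printf '\n'
    printf ' *** Export logu z %s.%s.%s, hodina: %s, minuta: %s, ip: %s, port: %s. *** \n' \
      "$den" "$mesic" "$rok" "$hodina" "$minuta" "$ip" "$port"
    printf '\n'
  } > "$export_soubor"

  for soubor in "${soubory[@]}"; do
    flow-print -f 5 < "$soubor" \
      | filtr_cas "$cas_vzor" \
      | filtr_ip "$ip" \
      | filtr_port "$port" >> "$export_soubor"
  done

  printf ' Export ulozen do %s\n' "$export_soubor"
}

main "$@"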
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Tak doufam, ze to nekomu pomuze!
Mira