Could someone suggest a way to list this data intelligently and possibly search it? Is there perhaps a web server that could process those files intelligently? I get 700 MB of new data every day, so I would like to look at it now and then. Thanks
It would probably be a good idea to store the data you need in a DB and delete what you don't need. It can be done with the flow-export command. It is enough to store start, end, srcip, srcport, dstip, dstport. The command is as follows:
flow-export -f3 -mUNIX_SECS,UNIX_NSECS,SRCADDR,SRCPORT,DSTADDR,DSTPORT -u "user" < flows
You can also choose from others:
UNIX_SECS 0x0000000000000001LL
UNIX_NSECS 0x0000000000000002LL
SYSUPTIME 0x0000000000000004LL
EXADDR 0x0000000000000008LL
DFLOWS 0x0000000000000010LL
DPKTS 0x0000000000000020LL
DOCTETS 0x0000000000000040LL
FIRST 0x0000000000000080LL
LAST 0x0000000000000100LL
ENGINE_TYPE 0x0000000000000200LL
ENGINE_ID 0x0000000000000400LL
SRCADDR 0x0000000000001000LL
DSTADDR 0x0000000000002000LL
SRC_PREFIX 0x0000000000004000LL
DST_PREFIX 0x0000000000008000LL
NEXTHOP 0x0000000000010000LL
INPUT 0x0000000000020000LL
OUTPUT 0x0000000000040000LL
SRCPORT 0x0000000000080000LL
DSTPORT 0x0000000000100000LL
PROT 0x0000000000200000LL
TOS 0x0000000000400000LL
TCP_FLAGS 0x0000000000800000LL
SRC_MASK 0x0000000001000000LL
DST_MASK 0x0000000002000000LL
SRC_AS 0x0000000004000000LL
DST_AS 0x0000000008000000LL
IN_ENCAPS 0x0000000010000000LL
OUT_ENCAPS 0x0000000020000000LL
PEER_NEXTHOP 0x0000000040000000LL
ROUTER_SC 0x0000000080000000LL
EXTRA_PKTS 0x0000000100000000LL
MARKED_TOS 0x0000000200000000LL
and then delete the unneeded data. So far it doesn't work for me; it keeps giving the error bash flow not found
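
An added example, not part of the posts above and not flow-tools code: one way to keep only the six fields named in the reply in an indexed SQLite table, search it by address and time window, and delete rows past a retention cutoff. The CSV column order, the table and function names, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import sqlite3

# Constructed sample; ASSUMED column order (not verified flow-export output):
# unix_secs,unix_nsecs,srcaddr,srcport,dstaddr,dstport
SAMPLE_CSV = """\
1700000000,120000000,192.0.2.10,51514,198.51.100.5,443
1700000060,0,192.0.2.11,40022,198.51.100.5,22
1700086400,500000000,192.0.2.10,51600,203.0.113.7,53
not,a,valid,flow,row,here
"""

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS flows (
        unix_secs INTEGER NOT NULL, unix_nsecs INTEGER NOT NULL,
        srcaddr TEXT NOT NULL, srcport INTEGER NOT NULL,
        dstaddr TEXT NOT NULL, dstport INTEGER NOT NULL)""")
    # Indexes keep per-host, per-time searches fast as the table grows.
    db.execute("CREATE INDEX IF NOT EXISTS ix_src ON flows(srcaddr, unix_secs)")
    db.execute("CREATE INDEX IF NOT EXISTS ix_dst ON flows(dstaddr, unix_secs)")
    return db

def load_csv(db, text):
    """Insert well-formed rows; return (loaded, skipped)."""
    loaded = skipped = 0
    for row in csv.reader(io.StringIO(text)):
        try:
            secs, nsecs, src, sport, dst, dport = row
            rec = (int(secs), int(nsecs), src, int(sport), dst, int(dport))
        except ValueError:  # wrong field count or non-numeric value
            skipped += 1
            continue
        db.execute("INSERT INTO flows VALUES (?,?,?,?,?,?)", rec)
        loaded += 1
    db.commit()
    return loaded, skipped

def search(db, addr, start, end):
    """Flows with addr as source or destination, start <= unix_secs < end."""
    return db.execute(
        "SELECT * FROM flows WHERE (srcaddr=? OR dstaddr=?) "
        "AND unix_secs>=? AND unix_secs<? ORDER BY unix_secs",
        (addr, addr, start, end)).fetchall()

def purge_older_than(db, cutoff):
    """Delete rows with unix_secs < cutoff; return how many were removed."""
    with db:  # commits the delete on success
        return db.execute("DELETE FROM flows WHERE unix_secs<?", (cutoff,)).rowcount
```

Passing a file path to `open_db` instead of the default `:memory:` keeps the table between runs, so a daily import followed by `purge_older_than` bounds the stored volume.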