?? flow-stat.html
字號:
<HTML><HEAD><TITLE>flow-stat</TITLE><METANAME="GENERATOR"CONTENT="Modular DocBook HTML Stylesheet Version 1.71"></HEAD><BODYCLASS="REFENTRY"BGCOLOR="#FFFFFF"TEXT="#000000"LINK="#0000FF"VLINK="#840084"ALINK="#0000FF"><H1><ANAME="AEN1"><SPANCLASS="APPLICATION">flow-stat</SPAN></A></H1><DIVCLASS="REFNAMEDIV"><ANAME="AEN6"></A><H2>Name</H2><SPANCLASS="APPLICATION">flow-stat</SPAN> -- Generate reports with flow data.</DIV><DIVCLASS="REFSYNOPSISDIV"><ANAME="AEN10"></A><H2>Synopsis</H2><P><BCLASS="COMMAND">flow-stat</B> [-hnpPw] [-d<TTCLASS="REPLACEABLE"><I> debug_level</I></TT>] [-f<TTCLASS="REPLACEABLE"><I> format</I></TT>] [-S<TTCLASS="REPLACEABLE"><I> sort_field</I></TT>] [-s<TTCLASS="REPLACEABLE"><I> sort_field</I></TT>] [-t<TTCLASS="REPLACEABLE"><I> tally_lines</I></TT>] [-T<TTCLASS="REPLACEABLE"><I> title</I></TT>]</P></DIV><DIVCLASS="REFSECT1"><ANAME="AEN26"></A><H2>DESCRIPTION</H2><P>The <BCLASS="COMMAND">flow-stat</B> utility generates usage reports for flowdata sets by IP address, IP address pairs, ports, packets, bytes,interfaces, next hops, autonomous systems, ToS bits, exporters, and tags.</P></DIV><DIVCLASS="REFSECT1"><ANAME="AEN30"></A><H2>OPTIONS</H2><P></P><DIVCLASS="VARIABLELIST"><DL><DT>-d<TTCLASS="REPLACEABLE"><I> debug_level</I></TT></DT><DD><P>Enable debugging.</P></DD><DT>-f<TTCLASS="REPLACEABLE"><I> format</I></TT></DT><DD><P><PCLASS="LITERALLAYOUT">Report format. Choose from the following:<br><br> 0 Overall Summary<br> 1 Average packet size distribution<br> 2 Packets per flow distribution<br> 3 Octets per flow distribution<br> 4 Bandwidth per flow distribution<br> 5 UDP/TCP destination port<br> 6 UDP/TCP source port<br> 7 UDP/TCP port<br> 8 Destination IP<br> 9 Source IP<br> 10 Source/Destination IP<br> 11 Source or Destination IP<br> 12 IP protocol<br> 13 octets for flow duration plot data<br> 14 packets for flow duration plot data<br> 15 short summary<br> 16 IP Next Hop<br> 17 Input interface<br> 18 Output interface<br> 19 Source AS<br> 20 Destination AS<br> 21 Source/Destination AS<br> 22 IP ToS<br> 23 Input/Output Interface<br> 24 Source Prefix<br> 25 Destination Prefix<br> 26 Source/Destination Prefix<br> 27 Exporter IP<br> 28 Engine Id<br> 29 Engine Type<br> 30 Source Tag<br> 31 Destination Tag<br> 32 Source/Destination Tag</P></P></DD><DT>-h</DT><DD><P>Display help.</P></DD><DT>-n</DT><DD><P>Use symbolic names where appropriate.</P></DD><DT>-p</DT><DD><P>Display header information.</P></DD><DT>-P</DT><DD><P>Report as percent total.</P></DD><DT>-s<TTCLASS="REPLACEABLE"><I> sort_field</I></TT></DT><DD><P>Sort ascending on field <TTCLASS="REPLACEABLE"><I>sort_field</I></TT>.</P></DD><DT>-S<TTCLASS="REPLACEABLE"><I> sort_field</I></TT></DT><DD><P>Sort descending on field <TTCLASS="REPLACEABLE"><I>sort_field</I></TT>.</P></DD><DT>-t<TTCLASS="REPLACEABLE"><I> tally_lines</I></TT></DT><DD><P>Tally totals every <TTCLASS="REPLACEABLE"><I>tally_lines</I></TT>lines.</P></DD><DT>-T<TTCLASS="REPLACEABLE"><I> title</I></TT></DT><DD><P>Set report title to <TTCLASS="REPLACEABLE"><I>title</I></TT>.</P></DD><DT>-w</DT><DD><P>Wide output.</P></DD></DL></DIV></DIV><DIVCLASS="REFSECT1"><ANAME="AEN88"></A><H2>EXAMPLES</H2><DIVCLASS="INFORMALEXAMPLE"><ANAME="AEN90"></A><P></P><P>Provide a report on top source/destination IP pairs sorted by octets, reportin percent total form for the flows in <TTCLASS="FILENAME">/flows/krc4</TT>.Use the preload option to flow-cat to preserve meta information and display it with flow-stat.</P><P> <BCLASS="COMMAND">flow-cat -p /flows/krc4 | flow-stat -f10 -P -p -S4</B></P><P></P></DIV></DIV><DIVCLASS="REFSECT1"><ANAME="AEN95"></A><H2>EXAMPLES</H2><DIVCLASS="INFORMALEXAMPLE"><ANAME="AEN97"></A><P></P><P>Many times a campus network will have a single border router which hasone interface pointing to the internal side and many interfaces pointingto other providers. These interfaces each have a unique numerical idknown in SNMP terms as an ifIndex. The ifIndex to interface name mappingscan be determined by using a tool such as <SPANCLASS="APPLICATION">snmpwalk</SPAN>or using show commands in recent versions of IOS with the'show snmp mib ifmib ifindex' or JunOS 'show interfaces'. Once the ifIndexfor each interface is known flow-filter can be combined with flow-stat toprovide reports such as inbound vs outbound top src/destination IPaddresses.Provide a top source IP address report by outbound traffic, ie the topsenders of traffic on the campus network. Assume the ifIndex of thecampus interface is 5.</P><P> flow-cat -p /flows/krc4 | flow-filter -i5 | flow-stat -f9 -P -p -S3 </P><P></P></DIV></DIV><DIVCLASS="REFSECT1"><ANAME="AEN101"></A><H2>EXAMPLES</H2><DIVCLASS="INFORMALEXAMPLE"><ANAME="AEN103"></A><P></P><P>Provide a top destination IP address report by outbound traffic, ie the topsinks of traffic on the campus network. Assume the ifIndex of thecampus interface is 5.</P><P> flow-cat -p /flows/krc4 | flow-filter -I5 | flow-stat -f8 -P -p -S3 </P><P></P></DIV></DIV><DIVCLASS="REFSECT1"><ANAME="AEN106"></A><H2>EXAMPLES</H2><DIVCLASS="INFORMALEXAMPLE"><ANAME="AEN108"></A><P></P><P>Provide a top source/destination AS report. Use symbolic names.</P><P> flow-cat -p /flows/krc4 | flow-stat -f20 -n -P -p -S4 </P><P></P></DIV></DIV><DIVCLASS="REFSECT1"><ANAME="AEN111"></A><H2>BUGS</H2><P>None known.</P></DIV><DIVCLASS="REFSECT1"><ANAME="AEN114"></A><H2>AUTHOR</H2><P>Mark Fullmer<TTCLASS="EMAIL"><<AHREF="mailto:maf@splintered.net">maf@splintered.net</A>></TT></P></DIV><DIVCLASS="REFSECT1"><ANAME="AEN121"></A><H2>SEE ALSO</H2><P><SPANCLASS="APPLICATION">flow-tools</SPAN>(1)</P></DIV></BODY></HTML>?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -