When trying the 0.67 and 0.68 portage versions of the flow-tools command "flow- report" I am seeing a glitch in the reporting types for: ip-source/destination-address/ip-destination-port ip-destination-address/ip-destination-port Both spool out the column headers, and one line of data, then repeat that same line of data continuously until I hit CRTL-C. When I download the original TARBALL from teh host site, and build it myself, the flow-report reports listed above work as advertized. Reproducible: Always Steps to Reproduce: 1. emerge flow-tools-0.68 2. Capture some version 5 flows from a Cisco Router. I used "flow-capture - w /data/flows -E 25G 0/0/9800" 3. Put this file in /etc/flow-tools/cfg/ level.rpt ---------- start file --------------- include-filter /etc/flow-tools/cfg/portblock.cfg stat-report high-level-rpt type ip-destination-port filter noise output format ascii stat-report low-level-rpt type ip-source/destination-address/ip-destination-port filter noise output format ascii stat-report mid-level-rpt type ip-destination-address/ip-destination-port filter noise output format ascii stat-definition high-level report high-level-rpt stat-definition low-level report low-level-rpt stat-definition mid-level -------------- end file -------------- include the file portblock.cfg ---------- start file -------------- filter-primitive protocols type ip-protocol permit 6 permit 17 default deny filter-primitive snmpdump type ip-port deny 161 deny 162 default permit filter-primitive backnoise type ip-address-mask deny 192.168.0.0 255.255.252.0 deny 224.0.0.0 240.0.0.0 default permit filter-primitive localdest type ip-address-mask deny 172.21.0.0 255.255.0.0 deny 10.0.0.0 255.0.0.0 deny 192.168.0.0 255.255.0.0 default permit filter-definition noise match ip-protocol protocols match ip-source-address backnoise match ip-destination-address backnoise match ip-destination-port snmpdump match ip-destination-address localdest ------- end file ----------------------- Then using this line, observer teh output from one of your flow directories: flow-cat /data/flows/2005/2005-05/2005-05-10/ft* | flow-report -s /etc/flow- tools/cfg/level.rpt -S low-level Actual Results: With the portage version: poindexter bin # flow-cat /data/flows/2005/2005-05/2005-05-10/ft* | flow- report -s /etc/flow-tools/cfg/level.rpt -S low-level # recn: ip-source-address*,ip-destination-address*,ip-destination- port*,flows,octets,packets,duration 172.21.121.90,206.190.44.100,554,1,144,3,1088 172.21.121.90,206.190.44.100,554,1,144,3,1088 172.21.121.90,206.190.44.100,554,1,144,3,1088 172.21.121.90,206.190.44.100,554,1,144,3,1088 172.21.121.90,206.190.44.100,554,1,144,3,1088 172.21.121.90,206.190.44.100,554,1,144,3,1088 172.21.121.90,206.190.44.100,554,1,144,3,1088 172.21.121.90,206.190.44.100,554,1,144,3,1088 172.21.121.90,206.190.44.100,554,1,144,3,1088 172.21.121.90,206.190.44.100,554,1,144,3,1088 ... over and over and over... till I hit CRTL-C Expected Results: With the tarball staright from the home site: ./flow-cat /data/flows/2005/2005-05/2005-05-10/ft* | ./flow-report - s /etc/flow-tools/cfg/level.rpt -S low-level # recn: ip-source-address*,ip-destination-address*,ip-destination- port*,flows,octets,packets,duration 172.21.121.90,206.190.44.100,554,1,144,3,1088 172.21.215.210,66.227.60.20,53,1,198,3,192 172.21.119.33,65.205.8.58,80,4,1803,15,896 172.21.119.33,216.239.57.103,80,2,1009,6,320 172.21.113.75,12.130.60.4,80,2,4877,24,199424 172.21.113.75,38.113.220.23,80,4,104761,1534,278592 172.21.165.61,207.200.113.117,5190,18,439870,1605,3831680 172.21.113.75,216.73.86.58,80,5,8209,40,389376 172.21.119.86,64.236.44.46,80,2,858,10,256 172.21.230.34,65.205.8.13,80,1,722,6,62784 172.21.113.75,38.113.220.22,80,2,2587,16,129024 All different and from what I can tell, all correct data. poindexter bin # emerge info Portage 2.0.51.22 (default-linux/x86/2005.0, gcc-3.3.3, glibc-2.3.5-r0, 2.6.11- gentoo-r4 i686) ================================================================= System uname: 2.6.11-gentoo-r4 i686 Intel(R) Xeon(TM) CPU 3.00GHz Gentoo Base System version 1.6.12 dev-lang/python: 2.3.5 sys-apps/sandbox: 1.2.8 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5 sys-devel/binutils: 2.15.92.0.2-r1, 2.15.92.0.2-r9 sys-devel/libtool: 1.4.3-r4, 1.5.16 virtual/os-headers: 2.6.8.1-r1, 2.6.11 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=pentium4 -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X 11/xkb /usr/share/config /var/bind /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -march=pentium4 -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig candy distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://mirrors.tds.net/gentoo ftp://mirrors.tds.net/gentoo http://gentoo.ccccom.com" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 X alsa apache2 avi berkdb bitmap-fonts crypt cups dlloader dmx emboss encode font-server foomaticdb fortran gd gdbm gif gnome gpm gtk gtk2 gtkhtml imlib jpeg libg++ libwww mad mbox mikmod milter motif mp3 mpeg ncurses nls nptl oggvorbis opengl oss pam pdflib perl pic pie png pwdb python quicktime readline sdl server snmp spell ssl svga tcpd truetype truetype-fonts type1- fonts xinetd xml2 xmms xprint xv zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS, PORTDIR_OVERLAY
have the latest flow-tools ebuilds fixed this? (test the ~arch ones please). Let me know if this is still a problem
I believe the latest versions in portage have fixed this (it did for me) and the OP has not replied in almost 2 months.
