netflow, packet capture

View source online: flow-stat.html

File size: 946 K
Uploaded by: jackjinke
Keywords: netflow

flow-stat

Name

flow-stat -- Generate reports with flow data.

Synopsis

flow-stat [-hnpPw] [-d debug_level] [-f format] [-S sort_field] [-s sort_field] [-t tally_lines] [-T title]

DESCRIPTION

The flow-stat utility generates usage reports for flow data sets by IP address, IP address pairs, ports, packets, bytes, interfaces, next hops, autonomous systems, ToS bits, exporters, and tags.

OPTIONS

-d debug_level
    Enable debugging.

-f format
    Report format. Choose from the following:

    0  Overall Summary
    1  Average packet size distribution
    2  Packets per flow distribution
    3  Octets per flow distribution
    4  Bandwidth per flow distribution
    5  UDP/TCP destination port
    6  UDP/TCP source port
    7  UDP/TCP port
    8  Destination IP
    9  Source IP
    10 Source/Destination IP
    11 Source or Destination IP
    12 IP protocol
    13 octets for flow duration plot data
    14 packets for flow duration plot data
    15 short summary
    16 IP Next Hop
    17 Input interface
    18 Output interface
    19 Source AS
    20 Destination AS
    21 Source/Destination AS
    22 IP ToS
    23 Input/Output Interface
    24 Source Prefix
    25 Destination Prefix
    26 Source/Destination Prefix
    27 Exporter IP
    28 Engine Id
    29 Engine Type
    30 Source Tag
    31 Destination Tag
    32 Source/Destination Tag

-h
    Display help.

-n
    Use symbolic names where appropriate.

-p
    Display header information.

-P
    Report as percent total.

-s sort_field
    Sort ascending on field sort_field.

-S sort_field
    Sort descending on field sort_field.

-t tally_lines
    Tally totals every tally_lines lines.

-T title
    Set report title to title.

-w
    Wide output.

EXAMPLES

Provide a report on the top source/destination IP pairs sorted by octets, reported in percent total form, for the flows in /flows/krc4. Use the preload option to flow-cat to preserve meta information and display it with flow-stat.

    flow-cat -p /flows/krc4 | flow-stat -f10 -P -p -S4

Many times a campus network will have a single border router which has one interface pointing to the internal side and many interfaces pointing to other providers. These interfaces each have a unique numerical id known in SNMP terms as an ifIndex. The ifIndex to interface name mappings can be determined by using a tool such as snmpwalk, or by using show commands: 'show snmp mib ifmib ifindex' in recent versions of IOS, or 'show interfaces' in JunOS. Once the ifIndex for each interface is known, flow-filter can be combined with flow-stat to provide reports such as inbound vs outbound top source/destination IP addresses.

Provide a top source IP address report by outbound traffic, i.e. the top senders of traffic on the campus network. Assume the ifIndex of the campus interface is 5.

    flow-cat -p /flows/krc4 | flow-filter -i5 | flow-stat -f9 -P -p -S3

Provide a top destination IP address report by outbound traffic, i.e. the top sinks of traffic on the campus network. Assume the ifIndex of the campus interface is 5.

    flow-cat -p /flows/krc4 | flow-filter -I5 | flow-stat -f8 -P -p -S3

Provide a top source/destination AS report. Use symbolic names.

    flow-cat -p /flows/krc4 | flow-stat -f21 -n -P -p -S4

BUGS

None known.

AUTHOR

Mark Fullmer <maf@splintered.net>

SEE ALSO

flow-tools(1)
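
The two campus-interface reports in EXAMPLES, modelled in Python on constructed flow records. This is an added illustration, not flow-tools code: it mimics filtering on input or output ifIndex 5 and then reporting octets per source or destination IP as percent of total, sorted descending. The function names, the sample records and the 50 percent threshold are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample flows: (src_ip, dst_ip, input_ifindex, output_ifindex, octets).
# Addresses come from documentation ranges; ifIndex 5 is the campus interface,
# as assumed in the EXAMPLES section.
FLOWS = [
    ("192.0.2.10", "198.51.100.7", 5, 2, 6000),
    ("192.0.2.10", "203.0.113.9", 5, 3, 2000),
    ("192.0.2.44", "198.51.100.7", 5, 2, 2000),
    ("198.51.100.7", "192.0.2.10", 2, 5, 500),
    ("203.0.113.9", "192.0.2.44", 3, 5, 1500),
    ("198.51.100.7", "203.0.113.9", 2, 3, 9000),  # transit, never crosses ifIndex 5
]
CAMPUS_IFINDEX = 5


def top_talkers(flows, key, ifindex, match):
    """Return (ip, flows, octets, percent_of_octets) rows, largest first.

    key:   "src" or "dst", the address the report is keyed on.
    match: "input" keeps flows that entered on ifindex,
           "output" keeps flows that left on ifindex.
    """
    octets = defaultdict(int)
    count = defaultdict(int)
    for src, dst, in_if, out_if, n in flows:
        if (in_if if match == "input" else out_if) != ifindex:
            continue  # drop flows that do not cross the chosen interface
        ip = src if key == "src" else dst
        octets[ip] += n
        count[ip] += 1
    total = sum(octets.values())
    if total == 0:
        return []  # nothing matched, so there is no percentage to report
    rows = [(ip, count[ip], n, round(100.0 * n / total, 3)) for ip, n in octets.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0]))


def over_share(rows, threshold_pct):
    """IPs whose share of octets exceeds threshold_pct, for analyst review."""
    return [ip for ip, _, _, pct in rows if pct > threshold_pct]


if __name__ == "__main__":
    senders = top_talkers(FLOWS, "src", CAMPUS_IFINDEX, "input")
    sinks = top_talkers(FLOWS, "dst", CAMPUS_IFINDEX, "output")
    for title, rows in (("Top senders", senders), ("Top sinks", sinks)):
        print(title)
        for ip, nflows, n, pct in rows:
            print(f"  {ip:<15} flows={nflows} octets={n} pct={pct}")
    print("Review:", over_share(senders, 50.0))
```

A single host carrying most of the outbound octets is the kind of row an analyst would check against that host's expected role.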
