This allows processing of the text output from the XOS "show flow active" command into various useful forms.
This version of the "show flow analyser" (sfa3b.pl) is substantially updated from the previous version. It is for NPM-86xx-based system only (the older version can still be used for NPM-82xx)
Improvements include a comprehensive help system (try "sfa3b.pl --help") and the ability to modularise the output.
With very large input files, the default output options will potentially consume very large amounts of memory.
For example, a system with approximately 5 million flows requires up to 4GB of RAM.
This version allows you to specify that only the portions of interest (for example, the average TTL of flows) be processed and output.
By narrowing the focus of the script, the memory footprint can be substantially reduced.
This would process the file
medium.log and only process it to produce the ordered set of Flow TTLs.
Additionally (although not required in this case) the output is limited to no more than 100 lines per section.
Note that the
--pairs output (which is implicit in the default
--all selector) is far and away the largest consumer of memory. It is best avoided unless required.
The program has dependencies on a few Perl modules. Depending upon the Perl installation, some or all may well be already installed. If not, they are easily installed using the
For example, start cpan, then type
The modules required (and the program will fail and indicate why if not installed) are:
All are available for easy installation using the Perl cpan tool.
Web Access In the near future it is planned to deploy this on a web-server. This will make use of the program much easier and simpler.
Until that is done, if there are any queries (for example, getting the module dependencies correct is a minor issue sometimes) then please get in touch and we can make the script available on a system for internal use.