This repository was archived by the owner on Nov 27, 2018. It is now read-only.

Supporting yaf statistics (Option Templates) #21

@flexd

I see here https://github.com/calmh/ipfix/blob/master/parser.go#L296 that option templates are not handled at all.

I am not very familiar with the IPFIX format. How hard would it be to implement support for Option Templates?

I am trying to grab statistics from yaf flow files. Relevant docs embedded below in this post, see https://tools.netsa.cert.org/yaf/yaf.html and search for "Statistics Option Template" for the source.

I tried contacting you on the gophers slack to talk, but I figured I'd post here as well :)

Statistics Option Template
yaf will export information about its process periodically using IPFIX Options Template Record. This record gives information about the status of the flow and fragment table, as well as decoding information. This can be turned off using the --no-stats option. The following Information Elements will be exported:

systemInitTimeMilliseconds IE 161, 8 octets, unsigned
The time in milliseconds of the last (re-)initialization of yaf.

exportedFlowRecordTotalCount IE 42, 8 octets, unsigned
Total amount of exported flows from yaf start time.

packetTotalCount IE 86, 8 octets, unsigned
Total amount of packets processed by yaf from yaf start time.

droppedPacketTotalCount IE 135, 8 octets, unsigned
Total amount of dropped packets according to statistics given by libpcap, libdag, or the Napatech or Netronome APIs.

ignoredPacketTotalCount IE 164, 8 octets, unsigned
Total amount of packets ignored by the yaf packet decoder, such as unsupported packet types and incomplete headers, from yaf start time.

notSentPacketTotalCount IE 167, 8 octets, unsigned
Total amount of packets rejected by yaf because they were received out of sequence.

expiredFragmentCount CERT (PEN 6871) IE 100, 4 octets, unsigned
Total amount of fragments that have been expired since yaf start time.

assembledFragmentCount CERT (PEN 6871) IE 101, 4 octets, unsigned
Total number of packets that have been assembled from a series of fragments since yaf start time.

flowTableFlushEventCount CERT (PEN 6871) IE 104, 4 octets, unsigned
Total number of times the yaf flow table has been flushed since yaf start time.

flowTablePeakCount CERT (PEN 6871) IE 105, 4 octets, unsigned
The maximum number of flows in the yaf flow table at any one time since yaf start time.

exporterIPv4Address IE 130, 4 octets, unsigned
The IPv4 Address of the yaf flow sensor.

exportingProcessId IE 144, 4 octets, unsigned
Set the ID of the yaf flow sensor by giving a value to --observation-domain. The default is 0.

meanFlowRate CERT (PEN 6871) IE 102, 4 octets, unsigned
The mean flow rate of the yaf flow sensor since yaf start time, rounded to the nearest integer.

meanPacketRate CERT (PEN 6871) IE 103, 4 octets, unsigned
The mean packet rate of the yaf flow sensor since yaf start time, rounded to the nearest integer.
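
Added example, not part of the original issue and not code from calmh/ipfix: a bounds-checked decoder for one Options Template Record as laid out in RFC 7011 (template ID, field count, scope field count, then field specifiers whose high bit signals a following enterprise number, as for the CERT PEN 6871 elements above). The names `FieldSpec`, `ParseOptionsTemplate` and `sample` are hypothetical, and the sample bytes are constructed, including the choice of scope field; they are not yaf's actual template.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// FieldSpec is one field specifier of an Options Template Record.
type FieldSpec struct {
	ID, Length uint16
	PEN        uint32 // Private Enterprise Number, 0 for IANA elements
	Scope      bool   // true for the leading scope fields
}

var errShort = errors.New("options template record truncated")

// Constructed sample (not captured from yaf): template 768, 3 fields, 1 scope field.
var sample = []byte{0x03, 0x00, 0x00, 0x03, 0x00, 0x01, // record header
	0x00, 0x90, 0x00, 0x04, 0x00, 0x56, 0x00, 0x08, // IE 144 (assumed scope), IE 86
	0x80, 0x64, 0x00, 0x04, 0x00, 0x00, 0x1a, 0xd7} // IE 100 with PEN 6871

// ParseOptionsTemplate decodes one record from a Set with Set ID 3; n is the octets consumed.
func ParseOptionsTemplate(b []byte) (id uint16, fields []FieldSpec, n int, err error) {
	be := binary.BigEndian
	if len(b) < 6 {
		return 0, nil, 0, errShort
	}
	id = be.Uint16(b)
	count, scope := int(be.Uint16(b[2:])), int(be.Uint16(b[4:]))
	if id < 256 || scope == 0 || scope > count { // reserved ID, or scope count out of range
		return id, nil, 0, errors.New("invalid options template header")
	}
	for n = 6; len(fields) < count; n += 4 {
		if len(b)-n < 4 {
			return id, nil, 0, errShort
		}
		f := FieldSpec{ID: be.Uint16(b[n:]), Length: be.Uint16(b[n+2:]), Scope: len(fields) < scope}
		if f.ID&0x8000 != 0 { // enterprise bit set: a 4-octet PEN follows the specifier
			if n += 4; len(b)-n < 4 {
				return id, nil, 0, errShort
			}
			f.ID, f.PEN = f.ID&0x7fff, be.Uint32(b[n:])
		}
		fields = append(fields, f)
	}
	return id, fields, n, nil
}

func main() { fmt.Println(ParseOptionsTemplate(sample)) }
```

Template withdrawals (field count 0, no scope field count) are rejected here rather than handled, and a real collector would also cap the field count before allocating for untrusted input.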
