This is the main executable file. All other modules and dependent subroutines are called from within it. Flowscan assumes that flow-files containing raw flow information are constantly being generated in a folder on the system. The location of this folder is specified in flowscan.cf by the identifier FlowFileGlob. Flow-files are generally named so that the name indicates the time at which the file was generated. In the current configuration a flow-file is generated every minute. For example, the following listing of /var/flows/flows shows two flow-files currently in the directory.

Sample listing of a flow-file directory:
akbar@iepm-resp $ ls -rtl /var/flows/flows
total 552
-rw-r--r--    1 akbar    sg         224688 Apr 11 19:06 USA-ft-v05.2007-03-21.121300-0400
-rw-r--r--    1 akbar    sg         261616 Apr 11 19:06 USA-ft-v05.2007-03-21.121200-0400

The basic job of flowscan is to pick up the files present in the flow-file folder (such as /var/flows/flows) and process them, in order of their timestamps, using a reporting module such as JKFlow.pm. It runs in an infinite loop, checking /var/flows/flows for new flow-files; when any are present it processes them, deleting each flow-file once the reporting module has processed it. The choice of reporting module is configurable and is specified in flowscan.cf using the identifier ReportClasses.
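
The timestamp ordering described above, as an added example (not flowscan's own code): it orders flow-files by the time encoded in their names, since both files in the sample listing carry the same modification time. The name layout is inferred from that listing, the function names are hypothetical, and the extra sample names are constructed.

```python
import re
from datetime import datetime

# Name layout inferred from the sample listing (an assumption):
#   <prefix>ft-v05.YYYY-MM-DD.HHMMSS<+|->ZZZZ
NAME_RE = re.compile(r"ft-v\d+\.(\d{4}-\d{2}-\d{2})\.(\d{6})([+-]\d{4})$")


def flow_file_time(name):
    """Return the timezone-aware time encoded in a flow-file name, or None."""
    m = NAME_RE.search(name)
    if m is None:
        return None
    date, clock, offset = m.groups()
    try:
        return datetime.strptime(f"{date} {clock}{offset}", "%Y-%m-%d %H%M%S%z")
    except ValueError:  # digits in the right places but not a real date/time
        return None


def processing_order(names):
    """Return (ordered, skipped): names oldest-first, and names that did not parse."""
    stamped, skipped = [], []
    for name in names:
        when = flow_file_time(name)
        if when is None:
            skipped.append(name)  # leave in place; never process or delete blindly
        else:
            stamped.append((when, name))
    stamped.sort()  # aware datetimes compare by absolute time, not by text
    return [name for _, name in stamped], skipped


if __name__ == "__main__":
    sample = [
        # the two names from the listing, in the order ls -rtl printed them
        "USA-ft-v05.2007-03-21.121300-0400",
        "USA-ft-v05.2007-03-21.121200-0400",
        # constructed: UTC offset changes, so a plain text sort gets these wrong
        "USA-ft-v05.2007-11-04.010000-0500",
        "USA-ft-v05.2007-11-04.013000-0400",
        # constructed: truncated name
        "USA-ft-v05.2007-03-21.1214",
    ]
    ordered, skipped = processing_order(sample)
    print("process in this order:", *ordered, sep="\n  ")
    print("skipped:", skipped)
```
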