Versions Compared

Old Version 5

changes.mady.by.user Unknown User (akbar)

Saved on

compared with

New Version 6

changes.mady.by.user Unknown User (akbar)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
# Set the default options from the configuration file:
$c = new ConfigReader::DirectiveStyle;
$c->directive('Verbose');
$c->directive('WaitSeconds');
$c->required('FlowFileGlob');
$c->required('ReportClasses');

# terapaths monitoring
$c->required('SyslogFacility');

$c->load("${FindBin::Bin}/${FindBin::Script}.cf");
$flowfileglob = $c->value('FlowFileGlob');
$opt_w        = $c->value('WaitSeconds');
$opt_v        = $c->value('Verbose');
@classes      = split( m/\s*,\s*/, $c->value('ReportClasses') ); # loads all the class names given in flowscan.cf into an array

|   |
|   |
|   |

foreach my $class (@classes) { # includes each of the classes
    eval "use $class";
    die "$@" if $@;
}

The main processing in flowscan takes place in an infinite while loop which keeps on processing flow-files as they are generated in the folder /var/flows/flows. The main steps that this while loop takes are:

  1. For all the flow-files currently in /var/flows/flows it sorts them by their names(which represents time-stamps).
  2. Next it takes each file in the sorted list and
    1. Generates a new object for each of the reporting classes for this flow-file's processing. Usually since only JKFlow.pm is the only reporting class only one object is instantiated.
    2. Calls the Cflow::find function passing the references of the "wanted" function in flowscan alongwith the pathname of the flow-file currently being processed. Cflow:find calls the wanted sub-routine for each flow-record present in the flow-file passed. The subroutine wanted is defined in flowscan but it is merely a stub which calls the wanted subroutines of all the reporting classes in the @classes array(i.e. JKFlow.pm in this case). The wanted sub-routines defined in reporting classes (such as JKFlow.pm) are basically designed so that they are called once for each individual flow-record. In case of JKFlow.pm as the wanted sub-routine is called for each flow-record, it updates the values of the data structures containing the network flow accounting and scoreboarding information which are maintained by JKFlow. A more detailed description of the wanted function is given in the description of JKFlow
    3. Calls the report function in flowscan. Once again the report function is also a stub which inturn calls report functions in all the reporting classes. The report function in case of JKFlow.pm handles the maintainence of scoreboards representing the topN information as well as writing out RRD reports of the data based on information gathered until now.
    4. Finally destroys the array of reporting classes and objects. A key point to note here is that although the objects are destroyed the global data structures for flow-accounting remain intact so that when the objects are created for the processing of the next flow-file, they access the same data strcutures as for the previous flow-file.