Welcome to the FlowViewer Web Site

Version 3.3.1 now available with new features including ...

Named Interfaces, Analysis by Exporter, Save and Retrieve Filters, Next Hop Filtering,
Bytes per Period, Sampling Multiplier, Threshold Alerts, Pie Charts, Three Year Graphs,
Sort FlowGrapher Output, Better Report and Graph Saving, and more.

Note: Version 3.3.1 fixes a bug in FlowTracker_Collector that occurred when using exporters
and that was interfering with users who don't use devices or exporters. It also fixes a
FlowGrapher problem sorting host names, a midnight problem for FlowGrapher, and a
problem with the very first FlowGrapher sorting (12/31/2008).

If you are experiencing any problems that are keeping you from using the full FlowViewer
suite of tools, please check the updated FAQ, which may have help for your problem.
Or contact Joe Loiacono for help.

FlowViewer, FlowGrapher, and FlowTracker are tools that provide an easy web-based user interface for selecting, viewing, graphing, and now tracking NetFlow data stored using Mark Fullmer's flow-tools (new fork) software. The user is able to filter data (inclusion or exclusion) by device, IP address range, port, router interface, autonomous system (AS), specified time interval, protocols, TOS field, TCP flags, and now Exporter, and Next Hop. Many of the flow-tools reports are configured as drop-down selections. Users are also able to save reports and graphs for later viewing, as well as track filtered data over the long run. FlowViewer, FlowGrapher, and FlowTracker make flow data analysis and tracking quick and easy.

The FlowViewer package includes several files. The FlowViewer, FlowGrapher, and FlowTracker scripts and accompanying files are all within the FlowViewer download file. A configuration file is quickly configured and FlowViewer is almost immediately put into operation. FlowGrapher will require the installation of Lincoln Stein's GD, and Martien Verbruggen's (now Benjamin Warfield's) GD::Graph packages for Perl. FlowTracker will require installation of Tobi Oetiker's RRDtool package.

Many thanks to FlowViewer v1 and v2 users who have contributed ideas, with a special thanks to Wojciech Kozicki whose suggestion doubled the FlowViewer processing speed, and Mark Foster, Ed Ravin and others for contributions to v3. Many thanks to Carles Kishimoto, Eric Lautenschlaeger, and Sean Cardus for their ideas and code contributions to v3.3. Thanks to Dario La Guardia for pointing out a graphing problem that turned out to be a rounding error in FlowGrapher. Credit to Peter Hoffswell for the idea of linking the tools. :-).

Contact Joe Loiacono if you have problems with download, installation, configuration, or operation. Or check the FAQ.


Requirements

1. Web Server w/ CGI
2. Perl v5.0 or later
3a. flow-tools v 0.68 (new fork)
3b. flow-tools v 0.67 (original)
4. GD (for FlowGrapher)
5. GD::Graph (for FlowGrapher)
6. RRDtool (for FlowTracker)


Screen Shots

Src/Dst Addresses Input
Src/Dst Addresses Report
132 Columns Input
132 Columns Report
Grapher Input
Grapher Output
Tracker Main Page
Sample Tracking
Active Trackings
Creating a Group
Sample Group Tracking


Download FlowViewer

FlowViewer_3.3.1.tar
README
Users Guide (PDF)

Quick Upgrade

1. Untar the package into a new cgi-bin subdirectory
2. Configure FlowViewer_Configuration.pm variables as necessary
3. Replace old logos with new logos (might be done automatically)
4. Configure FlowViewer_Configuration.pm to point to existing FlowTracker_Filter and FlowTracker_RRDtool directories
5. Stop old FlowTracker_Collector and FlowTracker_Grapher
6. Start new FlowTracker_Collector and FlowTracker_Grapher
7. Modify NamedInterfaces_Devices file if using them
8. Use included 'User Relay' scripts if desired (see below)

Quick Install

1. 'Un-tar' FlowViewer_3.2.tar in an appropriate directory at or below your web server's cgi-bin directory
2. Modify the contents of FlowViewer_Configuration.pm for your environment.
3. If you are going to use FlowGrapher, you will need to install both the GD and the GD::Graph packages for Perl.
4. If you are going to use FlowTracker, you will need to install the RRDtool package (at least version 1.2.12). Create FlowTracker_Filters and FlowTracker_RRDtool subdirectories.
5. Point your web browser at any of FlowViewer.cgi, FlowGrapher.cgi, or FlowTracker.cgi and go ...

Installation Tips

1. If you do not embed your device name in the name of the directory that stores the raw flow data (e.g., you have only one device), set the @devices array to empty (i.e., @devices = "";). With version 3.3, you can now collect all devices to one directory, and sort by Exporter.
2. Make sure that the FlowViewer 'reports', 'graphs', 'tracker', 'work', 'names', and 'log' (if you're logging) directories that you specify have adequate permissions (e.g., 0777) for the web server to write into them.
3. Double check that you have configured the proper HTTP protocol (i.e., either HTTP (usually port 80), or HTTPS (usually port 443)).
4. For FlowTracker make sure you install an RRDtool version that is 1.2.12 or later.
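
One way to give the web server write access to the directories from tip 2 without making them world-writable, as an added example that is not part of the FlowViewer package. It assumes the web server account is a member of the group passed to `restrict_dirs` and that you pass the directory paths you set in FlowViewer_Configuration.pm; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not FlowViewer code): group-writable instead of 0777.
# Assumption: the web server account belongs to the group given to restrict_dirs.

# Print each given directory that is world-writable; return 1 if any is found.
world_writable_dirs() {
    found=0
    for d in "$@"; do
        # -prune keeps find from descending; -perm -0002 matches the "other write" bit.
        if [ -n "$(find "$d" -prune -type d -perm -0002 -print 2>/dev/null)" ]; then
            echo "$d"
            found=1
        fi
    done
    return "$found"
}

# Create each directory if needed and limit write access to owner and group.
# Usage: restrict_dirs GROUP DIR...
restrict_dirs() {
    group=$1; shift
    for d in "$@"; do
        mkdir -p "$d" || return 1
        chgrp "$group" "$d" || return 1
        # rwx for owner and group, nothing for others; setgid so new files inherit the group.
        chmod 2770 "$d" || return 1
    done
}

# Run as the web server account: succeeds only if every directory accepts a new file.
can_write_all() {
    for d in "$@"; do
        probe="$d/.fv_write_probe.$$"
        ( : > "$probe" ) 2>/dev/null || return 1
        rm -f "$probe"
    done
}
```

Run `world_writable_dirs` over the 'reports', 'graphs', 'tracker', 'work', 'names', and 'log' paths after installation; any path it prints is still open to every local account.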

About Version 3

Version 3.3.1 fixes some problems related to using the new Exporter capability. A FlowGrapher problem with sorting host names has been fixed. A problem with FlowGrapher graphing across the midnight boundary is fixed. The FlowViewer_Relay.cgi optional scripts have been made easier to set up. A problem with FlowTracker and the use of $no_devices_or_exporters has been fixed. FlowViewer_Cleanup scripts have been cleaned up. A number of fixes have been added: exporter problems, FlowTracker at month boundaries, very long FlowTracker_Collector and ...Grapher runs freezing on Debian platforms (Debian Perl handles 'sleep' differently than Red Hat.)

Version 3.3 introduces a number of new useful features including:

  1. Some devices will now have 'named interfaces' (thanks C. Kishimoto)
  2. The user can now save filters of interest and recall them later
  3. Data can now be analyzed by Exporter ID (in addition to device name)
  4. Users can now set thresholds on FlowTrackings, and be alerted
  5. Users can now sort FlowGrapher output based on column type
  6. FlowViewer now provides Pie Charts
  7. Capability added to apply a Sampling Multiplier to output
  8. FlowTrackings now have a '3 year' graph
  9. The user can now generate text listings of FlowTracker output
  10. Filtering on next-hop has been added
  11. Logging has been made more flexible (e.g., less data)
  12. Preserve latest three notations (was keeping first three)
  13. Can now specify and display time-zones
  14. A hook has been provided for a User Logo with link out of FlowViewer
  15. New file cleanup scripts have been added
  16. Unit Conversion capability has been added (thanks C. Kishimoto)
  17. Can now graph Flows, Packets as well as Octets (thanks E. Lautenschlaeger)
  18. Improved AS name resolution (thanks S. Cardus)
  19. New saved_directory for storing saved Reports and Graphs.

Version 3.2 introduces FlowTracker groups. These groups merge copies of multiple previously defined individual trackings onto one graph. Improvements have been made to the speed of FlowTracker_Collector. All FlowViewer, FlowGrapher, and FlowTracker logos now have embedded links for quicker navigation between the tools. A new Autonomous System (AS) resolving capability has been added. A couple of fixes since the original v3.2 release:

1. 04/02/07 - Fixed FlowGrapher vs FlowTracker 'Average' differences (Thanks Dario La Guardia)
2. 04/11/07 - Fixed long DNS names problem

Version 3.1 includes statistical information (MAX, MIN, 95th PCT, AVG) with FlowGraphs, introduces the ability to archive and restart trackings, now permits queries longer than 30 days, permits a range of port numbers (e.g. ports 1024:1048) on queries, and fixes a number of small issues.

Version 3.0 introduces FlowTracker, a tool that permits users to track flow_data subsets, defined by specified filter criteria, over long time periods. This version also modifies the interaction of the scripts so that the create_FlowViewer_webpage and create_FlowGrapher_webpage scripts are eliminated. Users will now point their browsers to FlowViewer.cgi, FlowGrapher.cgi, and FlowTracker.cgi scripts instead. These scripts will pre-load the data input pages with the current time.

About Version 2

Version 2.3 is a major rework of FlowGrapher to increase its processing speed. A 10-fold increase in speed was accomplished by eliminating calls to Time::Local::timelocal for each flow record processed. Computations of flow_length and determination of the appropriate buckets are now in-line as much as possible.

Version 2.2 introduces the flow_select option on the input page. This new parameter allows the user to specify which flows should be included in the specified time period. It may be the case that large, long flows may not end prior to the specified end time. These flows would not be counted previously, as a flow was included only if its end-time was within the time period. The flow_select option now permits the user to specify the type of flows he would like to see (e.g., "Any part of flow is within time period", "Start-time of flow within time period", etc.). This is more important over shorter time periods. The default value is "Any part of flow is within time period".

Version 2.1 fixes a concatenation processing time "improvement" which turned out to be necessary after all, and end-of-year processing for FlowGrapher.

Version 2 of FlowViewer introduces FlowGrapher, has halved the processing time, and has introduced several new features. The changes include:

  1. Used pipe (|) instead of re-reading intermediate files (thanks Woj Kozicki!)
  2. Introduced configurable variable $N to specify flow-directory nesting levels
  3. Reduced default value of configurable variable $flow_capture_interval to 1800
  4. Created FlowViewer_NDBM.cgi for users whose Perl does not have GDBM
  5. Created configurable 'work_directory' separate from cgi_bin_directory
  6. Sped up concatenation for requests that cross day boundaries
  7. Added additional filter fields: Protocol, TOS Field, TCP Flags
  8. Added additional syntax checking
  9. Added FlowGrapher capability (requires GD for Perl)