A flow database as stored by mr2mysql in MySql has the following tables:

Tables
addresses
flowDatabase
flows
meters
rulesets
snapshots

The main table is the flows table. It consists of the following fields:

Field Type Null Key Default Extra
flowID int(10) unsigned   PRI   auto_increment
srcPeerAddress int(10) unsigned     0  
srcPeerMask int(10) unsigned     0  
dstPeerAddress int(10) unsigned     0  
dstPeerMask int(10) unsigned     0  
rulesetID mediumint(8) unsigned     0  
meterID mediumint(8) unsigned     0  
transportType tinyint(3) unsigned     0  
srcTransAddr smallint(5) unsigned     0  
srcTransMask smallint(5) unsigned     0  
dstTransAddr smallint(5) unsigned     0  
dstTransMask smallint(5) unsigned     0  
pduScale tinyint(3) unsigned     0  
fromPDUs bigint(20) unsigned     0  
toPDUs bigint(20) unsigned     0  
octetScale tinyint(3) unsigned     0  
fromOctets bigint(20) unsigned     0  
toOctets bigint(20) unsigned     0  
flowFirstTime int(10) unsigned     0  
flowLastActiveTime int(10) unsigned     0  
flowFirstTimeGMT datetime     0000-00-00 00:00:00  
flowKind tinyint(3) unsigned     0  
DSCodePoint tinyint(3) unsigned     0  

The rulesetID and meterID
are indexes into the rulesets and meters tables.

The srcPeerAddress and dstPeerAddress are the source and destination IP addresses.
These are stored as 32 bit integers (i.e. can only be IPv4 addresses).
They can be converted to IP addresses in dotted decimal notation by using INET_NTOA() in the SQL query; e.g.:
  SELECT DISTINCT(INET_NTOA(srcPeerAddress)) FROM flows;

The rulesets table has only two fields:
Field Type Null Key Default Extra
rulesetID mediumint(8) unsigned   PRI   auto_increment
rulesetName varchar(128) binary        

This is were the name of the ruleset that resulted in a flow entry is stored (as retrieved from the meter-MIB).

The structure of the meters table:
Field Type Null Key Default Extra
meterID mediumint(8) unsigned   PRI   auto_increment
meterName varchar(128) binary        
meterAddress varchar(128) binary        

The metername entry is the name supplied to mr2mysql
It is resolved to meterAddress by the mr2mysql tool.
If you supply the meter name in 'dotted decimal' (e.g. mr2mysql -h 10.0.0.2) the two fields will thus be the same.

The flowDatabase table is (can be) used to store version information and comments about the flow database:
Field Type Null Key Default Extra
vMajor int(10) unsigned     0  
vMinor int(10) unsigned     0  
vRevision int(10) unsigned     0  
vComment varchar(255)     no comment  

If the structure of the database changes that should be reflected in this table
Although this table is currently unused and not checked by the example scripts
The version numbers stored in this table by mr2mysql are 1.0.1 (vMajor.vMinor.vRevision)

Last but not least the fields in the snapshots table:
Field Type Null Key Default Extra
flowID int(10) unsigned     0  
rulesetID int(10) unsigned     0  
flowKind tinyint(3) unsigned     0  
snapshotTime int(10) unsigned     0  
snapshotTime_d int(10) unsigned     0  
fromPDUs_d bigint(20) unsigned     0  
toPDUs_d bigint(20) unsigned     0  
fromOctets_d bigint(20) unsigned     0  
toOctets_d bigint(20) unsigned     0  
fromPDUs bigint(20) unsigned     0  
toPDUs bigint(20) unsigned     0  
fromOctets bigint(20) unsigned     0  
toOctets bigint(20) unsigned     0  

The snapshots table is the table where mr2mysql will store 'snapshots' of the flow counters if it is instructed to do so.
Currently this is determined by the value of 'flowKind' as read by mr2mysql.
If the high bit of flowKind is set (i.e. flowKind >= 128) it will store a new snapshot
of that flow's counters every time it reads flow information from the meter-MIB.

This page was last updated January 1, 1970.
For questions please contact Remco Poortinga