Here are example configurations for JKFlow-v4.0,
included in the package. Also the output of JKFlow
is shown. 

JKFlow_example_verybasic.xml
----------------------------

This configuration is very basic. It reports all traffic where source or
destination ip address is located in 10.0.0.0/8. It creates both RRDTool
and DBM::Deep files, so JKGrapher.pl and JKPlotter.pl graphs can be
compared with each other.

<config>
  <all localsubnets="10.0.0.0/8">
    <application name="web">80/tcp,8080/tcp</application>
    <application name="secureweb">443/tcp</application>
    <application name="mailreading">110/tcp,143/tcp</application>
    <application name="windows">137-139/tcp,137-139/udp</application>
    <application name="dns">53/udp,53/tcp</application>
    <services>22-23/tcp,25/tcp,102/tcp,119/tcp</services>
    <protocols>tcp,udp,icmp</protocols>
    <otherservices/>
    <otherprotocols/>
    <ftp/>
    <tos/>
    <tuples>
       <tuple>srcip,dstip</tuple>
    </tuples>
    <total/>
    <reportrrd/>
    <reportdb/>
  </all>
  <rrddir>/var/flows/reports/rrds</rrddir>
  <dbdir>/var/flows/reports/db</dbdir>
  <scoredir>/var/flows/score</scoredir>
  <sampletime>300</sampletime>
  <dbsamples>10</dbsamples>
</config>

# /usr/local/bin/flowscan
DIRECTION: All
All: + localsubnets subnet 10.0.0.0/8
Reports to RRD
Reports to DBM::Deep
Wanted function created
...

JKFlow_example_basicsites_nosets.xml
------------------------------------

JKFlow can be used for basic reporting, but the real power lies in the directions.
A direction selects part of the total network traffic, mostly selecting certain 
source/destination subnets. You can hardcode subnets in directions, but it's much
easier to define sites. Here are 3 directions defined. Note how JKFlow replaces the
site names with the subnets. Note also the "countFunction_pure" assigment, this means
no special handling of counting on subnets selected traffic is done.

<config>
  <sites>
    <site name="Belgium" subnets="10.10.0.0/16"/>
    <site name="Holland" subnets="10.20.0.0/16"/>
    <site name="England" subnets="10.30.0.0/16"/>
    <site name="Internet" subnets="0.0.0.0/0"/>
  </sites>
  <directions>
    <direction name="Belgium-Internet" from="Belgium" to="Internet" noto="Belgium">
      <application name="web">80/tcp,8080/tcp</application>
      <application name="secureweb">443/tcp</application>
      <application name="mailreading">110/tcp,143/tcp</application>
      <application name="windows">137-139/tcp,137-139/udp</application>
      <application name="dns">53/udp,53/tcp</application>
      <services>22-23/tcp,25/tcp,102/tcp,119/tcp</services>
      <otherservices/>
      <ftp/>
      <protocols>tcp,udp,icmp</protocols>
      <multicast/>
      <otherprotocols/>
      <dscp/>
      <tuples>
        <tuple>srcip,dstip</tuple>
      </tuples>
      <total/>
      <reportrrd/>
      <reportdb/>
    </direction>
    <direction name="Holland-Internet" from="Holland" to="Internet" noto="Holland">
      <application name="web">80/tcp,8080/tcp</application>
      <application name="secureweb">443/tcp</application>
      <application name="mailreading">110/tcp,143/tcp</application>
      <application name="windows">137-139/tcp,137-139/udp</application>
      <application name="dns">53/udp,53/tcp</application>
      <services>22-23/tcp,25/tcp,102/tcp,119/tcp</services>
      <otherservices/>
      <ftp/>
      <protocols>tcp,udp,icmp</protocols>
      <multicast/>
      <otherprotocols/>
      <dscp/>
      <tuples>
        <tuple>srcip,dstip</tuple>
      </tuples>
      <total/>
      <reportdb/>
    </direction>
    <direction name="England-Internet" from="England" to="Internet" noto="England">
      <application name="web">80/tcp,8080/tcp</application>
      <application name="secureweb">443/tcp</application>
      <application name="mailreading">110/tcp,143/tcp</application>
      <application name="windows">137-139/tcp,137-139/udp</application>
      <application name="dns">53/udp,53/tcp</application>
      <services>22-23/tcp,25/tcp,102/tcp,119/tcp</services>
      <otherservices/>
      <ftp/>
      <protocols>tcp,udp,icmp</protocols>
      <multicast/>
      <otherprotocols/>
      <dscp/>
      <tuples>
        <tuple>srcip,dstip</tuple>
      </tuples>
      <total/>
      <reportrrd/>
    </direction>
  </directions>
  <rrddir>/var/flows/reports/rrds</rrddir>
  <dbdir>/var/flows/reports/db</dbdir>
  <scoredir>/var/flows/score</scoredir>
  <sampletime>300</sampletime>
  <dbsamples>10</dbsamples>
</config>

# /usr/local/bin/flowscan
DIRECTION: Holland-Internet
Adding fromsubnets Holland
Adding fromsite Holland
Adding fromsubnets subnet 10.20.0.0/16
Adding tosubnets Internet
Adding tosite Internet
Adding tosubnets subnet 0.0.0.0/0
Adding notosubnets Holland
Adding tosite Holland
Adding notosubnets subnet 10.20.0.0/16
Subnets: FROM=10.20.0.0/16 TO=0.0.0.0/0
Assigning countfunction countFunction_pure to direction Holland-Internet
Reports to DBM::Deep
DIRECTION: Belgium-Internet
Adding fromsubnets Belgium
Adding fromsite Belgium
Adding fromsubnets subnet 10.10.0.0/16
Adding tosubnets Internet
Adding tosite Internet
Adding tosubnets subnet 0.0.0.0/0
Adding notosubnets Belgium
Adding tosite Belgium
Adding notosubnets subnet 10.10.0.0/16
Subnets: FROM=10.10.0.0/16 TO=0.0.0.0/0
Assigning countfunction countFunction_pure to direction Belgium-Internet
Reports to RRD
Reports to DBM::Deep
DIRECTION: England-Internet
Adding fromsubnets England
Adding fromsite England
Adding fromsubnets subnet 10.30.0.0/16
Adding tosubnets Internet
Adding tosite Internet
Adding tosubnets subnet 0.0.0.0/0
Adding notosubnets England
Adding tosite England
Adding notosubnets subnet 10.30.0.0/16
Subnets: FROM=10.30.0.0/16 TO=0.0.0.0/0
Assigning countfunction countFunction_pure to direction England-Internet
Reports to RRD
Wanted function created
...

JKFlow_example_basicsites_withsets.xml
--------------------------------------

Here the same configuration is done using (define)sets. Sets can make
configuration of multiple directions easier to read, and changes
reflecting service monitoring on all directions is easy. Note the
"parseSet: Common Services" in the JKFlow output.

<config>
  <definesets>
    <defineset name="Common Services">
      <application name="web">80/tcp,8080/tcp</application>
      <application name="secureweb">443/tcp</application>
      <application name="mailreading">110/tcp,143/tcp</application>
      <application name="windows">137-139/tcp,137-139/udp</application>
      <application name="dns">53/udp,53/tcp</application>
      <services>22-23/tcp,25/tcp,102/tcp,119/tcp</services>
      <otherservices/>
      <ftp/>
      <protocols>tcp,udp,icmp</protocols>
      <multicast/>
      <otherprotocols/>
      <tos/>
      <tuples>                                           <-- new in JKFlow 4.0
        <tuple>srcip,dstip</tuple>                       <-- new in JKFlow 4.0
      </tuples>                                          <-- new in JKFlow 4.0
      <total/>
      <reportrrd/>                                       <-- new in JKFlow 4.0
      <reportdb/>                                        <-- new in JKFlow 4.0
    </defineset>
  </definesets>
  <sites>
    <site name="Belgium" subnets="10.10.0.0/16"/>
    <site name="Holland" subnets="10.20.0.0/16"/>
    <site name="England" subnets="10.30.0.0/16"/>
    <site name="Internet" subnets="0.0.0.0/0"/>
  </sites>
  <directions>
    <direction name="Belgium-Internet" from="Belgium" to="Internet" noto="Belgium">
      <set name="Common Services"/>
    </direction>
    <direction name="Holland-Internet" from="Holland" to="Internet" noto="Holland">
      <set name="Common Services"/>
    </direction>
    <direction name="England-Internet" from="England" to="Internet" noto="England">
      <set name="Common Services"/>
    </direction>
  </directions>
  <rrddir>/var/flows/reports/rrds</rrddir>
  <dbdir>/var/flows/reports/db</dbdir>                   <-- new in JKFlow 4.0
  <scoredir>/var/flows/score</scoredir>
  <sampletime>300</sampletime>
  <dbsamples>10</dbsamples>                              <-- new in JKFlow 4.0
</config>

# /usr/local/bin/flowscan
DIRECTION: Holland-Internet
Adding fromsubnets Holland
Adding fromsite Holland
Adding fromsubnets subnet 10.20.0.0/16
Adding tosubnets Internet
Adding tosite Internet
Adding tosubnets subnet 0.0.0.0/0
Adding notosubnets Holland
Adding tosite Holland
Adding notosubnets subnet 10.20.0.0/16
Subnets: FROM=10.20.0.0/16 TO=0.0.0.0/0
Assigning countfunction countFunction_pure to direction Holland-Internet
parseSet: Common Services
Reports to RRD
Reports to DBM::Deep
DIRECTION: Belgium-Internet
Adding fromsubnets Belgium
Adding fromsite Belgium
Adding fromsubnets subnet 10.10.0.0/16
Adding tosubnets Internet
Adding tosite Internet
Adding tosubnets subnet 0.0.0.0/0
Adding notosubnets Belgium
Adding tosite Belgium
Adding notosubnets subnet 10.10.0.0/16
Subnets: FROM=10.10.0.0/16 TO=0.0.0.0/0
Assigning countfunction countFunction_pure to direction Belgium-Internet
parseSet: Common Services
Reports to RRD
Reports to DBM::Deep
DIRECTION: England-Internet
Adding fromsubnets England
Adding fromsite England
Adding fromsubnets subnet 10.30.0.0/16
Adding tosubnets Internet
Adding tosite Internet
Adding tosubnets subnet 0.0.0.0/0
Adding notosubnets England
Adding tosite England
Adding notosubnets subnet 10.30.0.0/16
Subnets: FROM=10.30.0.0/16 TO=0.0.0.0/0
Assigning countfunction countFunction_pure to direction England-Internet
parseSet: Common Services
Reports to RRD
Reports to DBM::Deep
Wanted function created
...

JKFlow_example_routers.xml
--------------------------

This is a slightly complexer example using routergroups. 7 routergroups
selecting each a set of interfaces on routers were defined. First these
routergroups are parsed. Then during parsing the directions, the routergroup
is assigned to the direction. Note the "countFunction_interfaces" assingment.
Flows selected on exporter ip address, enter another handler selecting
those with matching interfaces. There is also a "other" direction defined.
The "other" direction captures all flows not captured by any other direction.
Also note that scoreboarding is defined in some directions. Scoreboarding
and DBM::Deep files use both "tuples". Tuples are combinations of 1 or more
netflow variables like srcip, dstip, srcport, dstport, etc...

<config>
  <definesets>
    <defineset name="Common Services">
      <application name="web">80/tcp,8080/tcp</application>
      <application name="secureweb">443/tcp</application>
      <application name="mailreading">110/tcp,143/tcp</application>
      <application name="windows">137-139/tcp,137-139/udp,42/tcp,135/tcp,445/tcp</application>
      <application name="dns">53/udp,53/tcp</application>
      <application name="netflow">2055/tcp,2055/udp</application>
      <services>22-23/tcp,25/tcp,102/tcp,119/tcp</services>
      <protocols>tcp,udp,icmp</protocols>
      <otherprotocols/>
      <otherservices/>
      <ftp/>
      <multicast/>
      <dscp/>
      <tuples>                                           <-- new in JKFlow 4.0
        <tuple>srcip,dstip</tuple>                       <-- new in JKFlow 4.0
      </tuples>                                          <-- new in JKFlow 4.0
      <total/>
      <reportrrd/>                                       <-- new in JKFlow 4.0
      <reportdb/>                                        <-- new in JKFlow 4.0
    </defineset>
  </definesets>
  <routergroups>
    <routergroup name="ROUTERS1">
      <router exporter="10.1.1.1" interface="10"/>
      <router exporter="10.1.1.1" interface="11"/>
      <router exporter="10.1.1.2" interface="10"/>
      <router exporter="10.1.1.2" interface="11"/>
    </routergroup>
    <routergroup name="ROUTERS1-LINE1">
      <router exporter="10.1.1.1" interface="10"/>
      <router exporter="10.1.1.2" interface="10"/>
    </routergroup>
    <routergroup name="ROUTERS1-LINE2">
      <router exporter="10.1.1.1" interface="11"/>
      <router exporter="10.1.1.2" interface="11"/>
    </routergroup>
    <routergroup name="ROUTERS2">
      <router exporter="10.2.2.2" interface="9"/>
      <router exporter="10.2.2.3" interface="9"/>
      <router exporter="10.2.2.4" interface="9"/>
      <router exporter="10.2.2.5" interface="9"/>
      <router exporter="10.2.2.2" interface="10"/>
      <router exporter="10.2.2.3" interface="10"/>
      <router exporter="10.2.2.4" interface="10"/>
      <router exporter="10.2.2.5" interface="10"/>
      <router exporter="10.2.2.2" interface="13"/>
      <router exporter="10.2.2.3" interface="13"/>
      <router exporter="10.2.2.4" interface="13"/>
      <router exporter="10.2.2.5" interface="13"/>
    </routergroup>
    <routergroup name="ROUTERS2-LINE1">
      <router exporter="10.2.2.2" interface="9"/>
      <router exporter="10.2.2.3" interface="9"/>
      <router exporter="10.2.2.4" interface="9"/>
      <router exporter="10.2.2.5" interface="9"/>
    </routergroup>
    <routergroup name="ROUTERS2-LINE2">
      <router exporter="10.2.2.2" interface="10"/>
      <router exporter="10.2.2.3" interface="10"/>
      <router exporter="10.2.2.4" interface="10"/>
      <router exporter="10.2.2.5" interface="10"/>
    </routergroup>
    <routergroup name="ROUTERS2-LINE3">
      <router exporter="10.2.2.2" interface="13"/>
      <router exporter="10.2.2.3" interface="13"/>
      <router exporter="10.2.2.4" interface="13"/>
      <router exporter="10.2.2.5" interface="13"/>
    </routergroup>
  </routergroups>
  <directions>
    <direction name="ROUTERS1" routergroup="ROUTERS1">
      <set name="Common Services"/>
      <scoreboard every="1" latest="latest.html">
        <report count="12" base="agghour" scorekeep="20" numkeep="100"/>
        <report count="72" base="agg6hour" scorekeep="20" numkeep="100"/>
      </scoreboard>
      <scoreboardother every="1" latest="latestother.html">
        <tuples>
          <tuple>srcip,dstip</tuple>
          <tuple>srcip,srcport,dstip,dstport</tuple>
          <tuple>srcport,dstport</tuple>
          <tuple>srcip,dstip,dstport</tuple>
          <tuple>srcip,srcport,dstip</tuple>
        </tuples>
        <report count="12" base="agghour" scorekeep="20" numkeep="100"/>
        <report count="72" base="agg6hour" scorekeep="20" numkeep="100"/>
      </scoreboardother>
    </direction>
    <direction name="ROUTERS1-LINE1" routergroup="ROUTERS1-LINE1">
      <set name="Common Services"/>
      <scoreboard every="1" latest="latest.html">
        <report count="12" base="agghour" scorekeep="20" numkeep="100"/>
        <report count="72" base="agg6hour" scorekeep="20" numkeep="100"/>
      </scoreboard>
      <scoreboardother every="1" latest="latestother.html">
        <tuples>
          <tuple>srcip,dstip</tuple>
          <tuple>srcip,srcport,dstip,dstport</tuple>
          <tuple>srcport,dstport</tuple>
          <tuple>srcip,dstip,dstport</tuple>
          <tuple>srcip,srcport,dstip</tuple>
        </tuples>
        <report count="12" base="agghour" scorekeep="20" numkeep="100"/>
        <report count="72" base="agg6hour" scorekeep="20" numkeep="100"/>
      </scoreboardother>
    </direction>
    <direction name="ROUTERS1-LINE2" routergroup="ROUTERS1-LINE2">
      <set name="Common Services"/>
    </direction>
    <direction name="ROUTERS2" routergroup="ROUTERS2">
      <set name="Common Services"/>
    </direction>
    <direction name="ROUTERS2-LINE1" routergroup="ROUTERS2-LINE1">
      <set name="Common Services"/>
    </direction>
    <direction name="ROUTERS2-LINE2" routergroup="ROUTERS2-LINE2">
      <set name="Common Services"/>
      <scoreboard every="1" latest="latest.html">
        <report count="12" base="agghour" scorekeep="20" numkeep="100"/>
        <report count="72" base="agg6hour" scorekeep="20" numkeep="100"/>
      </scoreboard>
    </direction>
    <direction name="ROUTERS2-LINE3" routergroup="ROUTERS2-LINE3">
      <set name="Common Services"/>
    </direction>
    <direction name="other">
      <set name="Common Services"/>
      <scoreboard>
        <report count="12" base="agghour" scorekeep="20" numkeep="100"/>
        <report count="72" base="agg6hour" scorekeep="20" numkeep="100"/>
      </scoreboard>
      <scoreboardother>
        <tuples>
          <tuple>srcip,dstip</tuple>
          <tuple>srcip,srcport,dstip,dstport</tuple>
          <tuple>srcport,dstport</tuple>
          <tuple>srcip,dstip,dstport</tuple>
          <tuple>srcip,srcport,dstip</tuple>
        </tuples>
        <report count="12" base="agghour" scorekeep="20" numkeep="100"/>
        <report count="72" base="agg6hour" scorekeep="20" numkeep="100"/>
      </scoreboardother>
      </direction>
    </directions>
  <rrddir>/var/flows/report/rrds</rrddir>
  <dbdir>/var/flows/report/db</dbdir>                    <-- new in JKFlow 4.0
  <scoredir>/var/flows/score</scoredir>
  <sampletime>300</sampletime>
  <dbsamples>10</dbsamples>                              <-- new in JKFlow 4.0
</config>

# /usr/local/bin/flowscan
Routergroup: ROUTERS2-LINE3
Exporter: 10.2.2.2, interface: 13
Exporter: 10.2.2.3, interface: 13
Exporter: 10.2.2.4, interface: 13
Exporter: 10.2.2.5, interface: 13
Routergroup: ROUTERS1
Exporter: 10.1.1.1, interface: 10
Exporter: 10.1.1.1, interface: 11
Exporter: 10.1.1.2, interface: 10
Exporter: 10.1.1.2, interface: 11
Routergroup: ROUTERS2-LINE2
Exporter: 10.2.2.2, interface: 10
Exporter: 10.2.2.3, interface: 10
Exporter: 10.2.2.4, interface: 10
Exporter: 10.2.2.5, interface: 10
Routergroup: ROUTERS2-LINE1
Exporter: 10.2.2.2, interface: 9
Exporter: 10.2.2.3, interface: 9
Exporter: 10.2.2.4, interface: 9
Exporter: 10.2.2.5, interface: 9
Routergroup: ROUTERS2
Exporter: 10.2.2.2, interface: 9
Exporter: 10.2.2.3, interface: 9
Exporter: 10.2.2.4, interface: 9
Exporter: 10.2.2.5, interface: 9
Exporter: 10.2.2.2, interface: 10
Exporter: 10.2.2.3, interface: 10
Exporter: 10.2.2.4, interface: 10
Exporter: 10.2.2.5, interface: 10
Exporter: 10.2.2.2, interface: 13
Exporter: 10.2.2.3, interface: 13
Exporter: 10.2.2.4, interface: 13
Exporter: 10.2.2.5, interface: 13
Routergroup: ROUTERS1-LINE2
Exporter: 10.1.1.1, interface: 11
Exporter: 10.1.1.2, interface: 11
Routergroup: ROUTERS1-LINE1
Exporter: 10.1.1.1, interface: 10
Exporter: 10.1.1.2, interface: 10
DIRECTION: ROUTERS2-LINE3
Direction routergroup=ROUTERS2-LINE3
Exporter: 10.2.2.2,
interface: 13
Exporter: 10.2.2.3,
interface: 13
Exporter: 10.2.2.4,
interface: 13
Exporter: 10.2.2.5,
interface: 13
Assign routergroup ROUTERS2-LINE3 to Direction ROUTERS2-LINE3
Assigning countfunction countFunction_interfaces to direction ROUTERS2-LINE3
parseSet: Common Services
Reports to RRD
Reports to DBM::Deep
DIRECTION: ROUTERS1
Direction routergroup=ROUTERS1
Exporter: 10.1.1.1,
interface: 10
Exporter: 10.1.1.1,
interface: 11
Exporter: 10.1.1.2,
interface: 10
Exporter: 10.1.1.2,
interface: 11
Assign routergroup ROUTERS1 to Direction ROUTERS1
Assigning countfunction countFunction_interfaces to direction ROUTERS1
parseSet: Common Services
Reports to RRD
Reports to DBM::Deep
Scorepage is latest.html
Scorepage is latestother.html
DIRECTION: ROUTERS2-LINE2
Direction routergroup=ROUTERS2-LINE2
Exporter: 10.2.2.2,
interface: 10
Exporter: 10.2.2.3,
interface: 10
Exporter: 10.2.2.4,
interface: 10
Exporter: 10.2.2.5,
interface: 10
Assign routergroup ROUTERS2-LINE2 to Direction ROUTERS2-LINE2
Assigning countfunction countFunction_interfaces to direction ROUTERS2-LINE2
parseSet: Common Services
Reports to RRD
Reports to DBM::Deep
Scorepage is latest.html
DIRECTION: other
Assigning countfunction countFunction_pure to direction other
parseSet: Common Services
Reports to RRD
Reports to DBM::Deep
DIRECTION: ROUTERS1-LINE1
Direction routergroup=ROUTERS1-LINE1
Exporter: 10.1.1.1,
interface: 10
Exporter: 10.1.1.2,
interface: 10
Assign routergroup ROUTERS1-LINE1 to Direction ROUTERS1-LINE1
Assigning countfunction countFunction_interfaces to direction ROUTERS1-LINE1
parseSet: Common Services
Reports to RRD
Reports to DBM::Deep
Scorepage is latest.html
Scorepage is latestother.html
DIRECTION: ROUTERS1-LINE2
Direction routergroup=ROUTERS1-LINE2
Exporter: 10.1.1.1,
interface: 11
Exporter: 10.1.1.2,
interface: 11
Assign routergroup ROUTERS1-LINE2 to Direction ROUTERS1-LINE2
Assigning countfunction countFunction_interfaces to direction ROUTERS1-LINE2
parseSet: Common Services
Reports to RRD
Reports to DBM::Deep
DIRECTION: ROUTERS2
Direction routergroup=ROUTERS2
Exporter: 10.2.2.2,
interface: 9
Exporter: 10.2.2.3,
interface: 9
Exporter: 10.2.2.4,
interface: 9
Exporter: 10.2.2.5,
interface: 9
Exporter: 10.2.2.2,
interface: 10
Exporter: 10.2.2.3,
interface: 10
Exporter: 10.2.2.4,
interface: 10
Exporter: 10.2.2.5,
interface: 10
Exporter: 10.2.2.2,
interface: 13
Exporter: 10.2.2.3,
interface: 13
Exporter: 10.2.2.4,
interface: 13
Exporter: 10.2.2.5,
interface: 13
Assign routergroup ROUTERS2 to Direction ROUTERS2
Assigning countfunction countFunction_interfaces to direction ROUTERS2
parseSet: Common Services
Reports to RRD
Reports to DBM::Deep
DIRECTION: ROUTERS2-LINE1
Direction routergroup=ROUTERS2-LINE1
Exporter: 10.2.2.2,
interface: 9
Exporter: 10.2.2.3,
interface: 9
Exporter: 10.2.2.4,
interface: 9
Exporter: 10.2.2.5,
interface: 9
Assign routergroup ROUTERS2-LINE1 to Direction ROUTERS2-LINE1
Assigning countfunction countFunction_interfaces to direction ROUTERS2-LINE1
parseSet: Common Services
Reports to RRD
Reports to DBM::Deep
Wanted function created

JKFlow_example_as.xml
---------------------

JKFlow also handles AS selection in directions. Flows are first selected on
source/destination subnets, because this makes handling all flows the easiest.
In the case of direction Belgium-Holland-AS4041-AS2021, countFunction_withas
will select the flows with the matching AS'es. In the case of direction 
AS4041-AS2021 flows are selected directly on matching AS'es, so 
countFunction_pure apply.

<config>
  <definesets>
    <defineset name="Common Services">
      <application name="web">80/tcp,8080/tcp</application>
      <application name="secureweb">443/tcp</application>
      <application name="mailreading">110/tcp,143/tcp</application>
      <application name="windows">137-139/tcp,137-139/udp</application>
      <application name="dns">53/udp,53/tcp</application>
      <services>22-23/tcp,25/tcp,102/tcp,119/tcp</services>
      <otherservices/>
      <ftp/>
      <tuples>                                            <-- new in JKFlow 4.0
        <tuple>srcip,dstip</tuple>                        <-- new in JKFlow 4.0
        <tuple>srcip,dstport</tuple>                      <-- new in JKFlow 4.0
      </tuples>                                           <-- new in JKFlow 4.0
      <total/>
    </defineset>
    <defineset name="Extra Services">
      <protocols>tcp,udp,icmp</protocols>
      <multicast/>
      <otherprotocols/>
      <dscp/>
    </defineset>
    <defineset name="Scoreboarding">
      <scoreboard>
        <report count="12" base="agghour"/>
        <report count="72" base="agg6hour"/>
      </scoreboard>
    </defineset>
  </definesets>
  <sites>
    <site name="Belgium" subnets="10.10.0.0/16"/>
    <site name="Holland" subnets="10.20.0.0/16"/>
    <site name="England" subnets="10.30.0.0/16"/>
    <site name="Internet" subnets="0.0.0.0/0" nosubnets="10.0.0.0/8"/>
  </sites>
  <directions>
    <direction name="AS404142-AS202122" fromas="40,41,42" toas="20,21,22">
      <set name="Common Services"/>
      <set name="Extra Services"/>
      <set name="Scoreboarding"/>
      <reportrrd/>                                        <-- new in JKFlow 4.0
      <reportdb/>                                         <-- new in JKFlow 4.0
    </direction>
    <direction name="Belgium-Holland-AS4041-AS2021" from="Belgium" to="Holland" fromas="40,41" toas="20,21">
      <set name="Common Services"/>
      <set name="Scoreboarding"/>
      <reportrrd/>                                        <-- new in JKFlow 4.0
      <reportdb/>                                         <-- new in JKFlow 4.0
    </direction>
  </directions>
  <rrddir>/var/flows/reports/rrds</rrddir>
  <dbdir>/var/flows/reports/db</dbdir>                    <-- new in JKFlow 4.0
  <scoredir>/var/flows/score</scoredir>
  <sampletime>300</sampletime>
  <dbsamples>10</dbsamples>                               <-- new in JKFlow 4.0
</config>

# /usr/local/bin/flowscan
DIRECTION: Belgium-Holland-AS4041-AS2021
Adding fromsubnets Belgium
Adding fromsite Belgium
Adding fromsubnets subnet 10.10.0.0/16
Adding tosubnets Holland
Adding tosite Holland
Adding tosubnets subnet 10.20.0.0/16
Subnets: FROM=10.10.0.0/16 TO=10.20.0.0/16
Adding fromAS 40 toAS 20 to Direction Belgium-Holland-AS4041-AS2021
Adding fromAS 40 toAS 21 to Direction Belgium-Holland-AS4041-AS2021
Adding fromAS 41 toAS 20 to Direction Belgium-Holland-AS4041-AS2021
Adding fromAS 41 toAS 21 to Direction Belgium-Holland-AS4041-AS2021
Assigning countfunction countFunction_withas to direction Belgium-Holland-AS4041-AS2021
parseSet: Common Services
parseSet: Scoreboarding
Reports to RRD
Reports to DBM::Deep
DIRECTION: AS404142-AS202122
Adding fromAS 40 toAS 20 to Direction AS404142-AS202122
Adding fromAS 40 toAS 21 to Direction AS404142-AS202122
Adding fromAS 40 toAS 22 to Direction AS404142-AS202122
Adding fromAS 41 toAS 20 to Direction AS404142-AS202122
Adding fromAS 41 toAS 21 to Direction AS404142-AS202122
Adding fromAS 41 toAS 22 to Direction AS404142-AS202122
Adding fromAS 42 toAS 20 to Direction AS404142-AS202122
Adding fromAS 42 toAS 21 to Direction AS404142-AS202122
Adding fromAS 42 toAS 22 to Direction AS404142-AS202122
Assigning countfunction countFunction_pure to direction AS404142-AS202122
parseSet: Common Services
parseSet: Scoreboarding
parseSet: Extra Services
Reports to RRD
Reports to DBM::Deep
Wanted function created