Netflow problems with 'O'

Carter Bullard carter at qosient.com
Fri Jan 12 09:38:04 EST 2001 

Hey Torbjorn,
No, we support many versions so that should not be a problem.
Ra has some debugging support in it which we can try to use
to see what's going on.  I'm also going to leave this thread
on the list in case anyone has any similar experiences.

To turn on debugging, you need to build argus with the file
".debug" in the argus source root directory.  This turns on
the compile time debugging statement.

  % cd argusdir
  % touch .debug
  % gmake clobber
  % ./configure
  % gmake

After all of this, now you've got a ra() that will printout
debugging statements.

Try ra now with a "-d 8" and lets see what you get.
I would run it with the "-n" option as well so that
name resolution is not an issue.

   ra -d8 -ncCa

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter at qosient.com
Phone +1 212 813-9426
Fax   +1 212 813-9426


> -----Original Message-----
> From: Torbjorn.Wictorin at its.uu.se [mailto:Torbjorn.Wictorin at its.uu.se]
> Sent: Friday, January 12, 2001 9:29 AM
> To: Carter Bullard
> Subject: RE: argus-2.0.0O.tar.gz
>
>
> hello again,
>
> No, I have verified that there is UDP data coming to port 9995
> on my host and that ra is listening on the same port.
> Could it be the version (1) of netflow data? I understand that it
> exists other, but the IOS release is to old to produce anything else.
>
> /torbjörn
>
> On Fri, 12 Jan 2001, Carter Bullard wrote:
>
> > Hey Torbjorn,
> > There could still be bugs, so I'm sure it is not
> > an understanding issue.  So, tcpdump indicates that
> > the netflow data is indeed going to the ra() host
> > and port 9995?
> >
> > If the router is sending to a different port, then
> > you may have to use the -P option.  Is this possibly
> > a problem?
> ..
> > > perhaps it is something that I dont understand...
> > >
> > > I have configured a cisco router to send netflow records (type 1).
> > > Can see with tcpdump that data arrives.
> > > Compiled argus-2.0.0O.
> > > ra -C -a
> > >
> > > bin/ra -C -a
> > > ra: Binding port 9995 Expecting Netflow records
> > > ra: receiving
> > > (waited a while, ^C)
> > > No data seen.
> > >
> > > netstat -a shows that ra is listening on udp port 9995 while
> > > running ra.
> > >
> > > Any ideas?
> > >
> > > btw, tried bin/ra -C -S xxx.xxx.xxx.xxx
> > > this tries to connect to an argus server on xxx.xxx.xxx.xxx
> > > should perhaps be clarified...
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20010112/ceb900ba/attachment.html>

More information about the argus mailing list