ra and Cisco net-flow configuration

Carter Bullard carter at qosient.com
Sat Feb 23 10:13:24 EST 2002


Hey Torben,
   You need argus-2.0.5.beta.2 to do well with the Cisco
records.  You can get it at ftp://qosient.com/dev/argus-2.0.
If you are using 2.0.5.beta.2, definitely send more mail,
as this should be working.

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter at qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com

> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu 
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of 
> Torben Mellerup
> Sent: Saturday, February 23, 2002 7:39 AM
> To: argus-info at lists.andrew.cmu.edu
> Subject: ra and Cisco net-flow configuration
> 
> 
> Hi 
> 
> Just sitting and playing around with ra for 'real-time' 
> monitoring of flows from a Cisco router, 
> 
> Router config:
> 
> ip flow-cache timeout inactive 600
> ip flow-cache timeout active 5
> ip flow-export source Ethernet1
> ip flow-export version 5
> ip flow-export destination 192.168.240.36 3737
> 
> interface Ethernet1
>  ip address 192.168.240.35 255.255.255.248
>  no ip redirects
>  ip nat inside
>  ip route-cache flow
> 
> ra command on host 192.168.240.36:
> 
> (and of course a lot of traffic passing the router :-))
> 
> ra -ncCP 3737
> 
> Result:
> 
> 01 Jan 70 01:00:00     ip         0.0.0.0        -           
> 0.0.0.0       0        0         0            0           INT
> 01 Jan 70 01:00:00     ip         0.0.0.0        -           
> 0.0.0.0       0        0         0            0           INT
> 
> Nothing in output ?
> 
> 
> What am I doing wrong?
> 
> argus tools compiled on both RH6.2 and RH7.1 with latest 
> libpcap, same result.
> 
> Best regards
> Torben Mellerup
> 
> 
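
Added example (not part of the original messages and not Argus code): a minimal Python check that a datagram received on the collector port is a well-formed NetFlow version 5 export, so the router's output can be confirmed independently of ra. It uses the standard v5 header and record layout; the sample datagram, its addresses and the function names are constructed for illustration.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                   # 24-byte v5 export header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBB2x")    # 48-byte v5 flow record

def parse_netflow_v5(datagram):
    """Validate one export datagram; return (header dict, list of flow dicts)."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, uptime_ms, secs, _ns, seq, _et, _ei, _si = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"export version {version}, expected 5")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match the header's record count")
    flows = []
    for i in range(count):
        (src, dst, _hop, _in, _out, pkts, octets, first, _last, sport, dport,
         _flags, proto, _tos, _sas, _das, _sm, _dm) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "proto": proto,
            "packets": pkts, "octets": octets,
            # 'first' is router uptime (ms) at flow start; convert to epoch seconds
            "start": secs - (uptime_ms - first) // 1000,
        })
    return {"count": count, "sequence": seq, "export_time": secs}, flows

def constructed_sample():
    """Constructed datagram (not captured traffic): one TCP flow to port 80."""
    header = HEADER.pack(5, 1, 600000, 1014460000, 0, 42, 0, 0, 0)
    record = RECORD.pack(socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"),
                         socket.inet_aton("0.0.0.0"), 1, 2, 10, 4200, 595000, 599000,
                         1025, 80, 0x1B, 6, 0, 0, 0, 24, 24)
    return header + record

if __name__ == "__main__":
    # To inspect a live export instead, bind a UDP socket to the collector port
    # from the router config (3737 in the message above) and pass each
    # recvfrom() payload to parse_netflow_v5().
    hdr, flows = parse_netflow_v5(constructed_sample())
    print(hdr)
    for f in flows:
        print(f)
```

A datagram that fails the version or length check points at the exporter or the path to the collector; one that parses cleanly with sensible addresses and start times points at the collector software instead.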


