Reconstituting flows

newton newton at unb.ca
Wed Mar 27 11:07:18 EST 2002 

Thanks Carter.  Yup, the commercial version is definatly what I will be moving 
towards.  Right now, unfortunatly, isn't quite the right time... as much as 
I'd like it to be.  Also, is the flow format a little different in the 
commercial version?  That was one of my other concerns (ie: if it is diff, I 
need time to do integration/changes to the new argii, and testing).

  Thanks for the comments on ragator... that what I, during my sleepy sleepy 
time last night, was thinking might be my answer.

Thanks!

Chris

>===== Original Message From <carter at qosient.com> =====
>Hey Chris,
>If you have two argi looking at each side of the
>pipe, you will generate two argus data streams of
>half-duplex flow reports.  You can merge these
>half-duplex argus records back together using ragator,
>just as ragator merges netflow records into the single
>full-duplex flow report.  Because ragator can connect
>to two argus sources in real-time, you can do the
>reconstitution on the fly.   The required ragator
>configuration file will take a bit of tuning, but it
>is more than doable.
>
>CMU is testing a collector that is designed to be much
>better than the freebie ragator at load.  That code
>is part of the commercial argus effort and may eventually
>be what your looking for.
>
>
>Carter
>
>Carter Bullard
>QoSient, LLC
>300 E. 56th Street, Suite 18K
>New York, New York  10022
>
>carter at qosient.com
>Phone +1 212 588-9133
>Fax   +1 212 588-9134
>http://qosient.com
>
>> -----Original Message-----
>> From: owner-argus-info at lists.andrew.cmu.edu
>> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of newton
>> Sent: Wednesday, March 27, 2002 8:48 AM
>> To: argus-info at lists.andrew.cmu.edu
>> Subject: Reconstituting flows
>>
>>
>> Hi all.  If I have a big fat pipe I want to monitor, and I am
>> wondering if it
>> might be better if I buy two boxes, and a tap to do the work.
>>  With the tap, I
>> would split off both sides of the full duplex connection and
>> send each side of
>> that conenction to a single box running argus.  My question
>> is, when Argus
>> builds flows out of these on both boxes, how can I 'reconnect', or
>> reconstitute these flows back into 1 flow?
>>
>>  Anyone got any ideas?
>>
>> Thanks
>>
>> Chris
>>
>>
>>
>>

More information about the argus mailing list