Reconstituting flows

Carter Bullard carter at qosient.com
Wed Mar 27 15:45:54 EST 2002


Hey Chris,
   With argus-2.0.5.beta.6 all ra* programs should convert
netflow to argus.  There is no AS field in the public argus
record, so you lose that, and of course the network records
don't have any real TCP or ICMP information, so you lose
a lot of status information.  But other than the AS
information, all the rest is captured in the argus records.

   So argus-2.0.5.beta.4 did well with Version 1 records,
and beta.6 does v5, v6, and should do v8 records, but I
haven't tested v8 at all.

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter at qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com

> -----Original Message-----
> From: newton [mailto:newton at unb.ca] 
> Sent: Wednesday, March 27, 2002 2:37 PM
> To: carter at qosient.com
> Subject: RE: Reconstituting flows
> 
> 
> Hey Carter, I've always meant to ask... how complete is the
> Cisco Netflow processing in argus?  I.e., if I point an ra client
> at a cisco box, will I get perfectly normal argus flows as a
> result?  Or will there be things missing?
> 
> Thanks
> 
> Chris
> 


