Argus and NetFlow playing together.

Scott A. McIntyre scott at xs4all.net
Tue Dec 16 12:58:14 EST 2003



Hi,

I'd like to hear (off-list is fine) from people who have some wisdom 
regarding the integration of NetFlow and Argus -- I know and love Argus, 
and much prefer the tools that I have included there, but I'm having to 
work with flows now on a regular basis.

At the moment I've got some simple scripts that do some 
flow-import/flow-export to create the wire format that ra() can read, and 
that works okay, but as I'm not entirely familiar with why/how cflowd 
works, I know I'm missing out on a lot of the power.

For example, I've got dozens of flow files for each router all of which are 
a fixed size and a fixed number of which are created (as per cflowd.conf). 
I suspect that I'm doing the correct thing with the flow-exportation into 
wire format, but perhaps there are others here who have better automated 
this or have some hints that will make it easier to work with cflowd data.

It would also be great if there were some way for argus to handle arts++ 
data; I'm learning to use the various utilities included with arts++ but 
have years of argus familiarity preferring to be used.

Thanks for any suggestions or pointers.

Scott




More information about the argus mailing list