NetFlow (ra -C)
Yann Berthier
yb at sainte-barbe.org
Thu Feb 20 04:37:43 EST 2003
On Thu, 20 Feb 2003, Scott A.McIntyre wrote:
> Hi,
>
> Perhaps I've not had enough coffee yet today, but I can't seem to get a
> ra-client to attach to a netflow source, specifically, I've got running
> a cflowd, cflowdmux and the other caida tools all up and running,
> however if I use ra -C -S localhost:5555, I get:
>
> ArgusError: ra[5033]: usage: -C and -S not compatible.
>
> And if I flip the order around, ra -S localhost:5555 -C ...:
>
> ArgusError: ra[5052]: ArgusAddHostList: format error -S no port value.
>
> So, how does one do this properly?

Are you trying to get data from a Cisco NetFlow _and_ an argus source at
the same time? If yes, I don't think this is possible, as stated by
the error message you get (please correct me if I'm wrong).

The ways to get netflow and argus data are mutually exclusive: with a
netflow source you bind on a local udp port waiting for udp datagrams
sent by your netflow source; with an argus source you connect to the
remote tcp socket of the argus server (kind of push vs pull, well not
really but you get the point).

The -C flag indicates to ra() that you bind on port 9995/udp
listening for netflow input (change the port with -P). All you have
to do is to tell your favorite netflow generator to send the
netflow data to your box (here localhost as it seems).

I'm afraid I'm a bit confusing - lack of coffee here too :p

- yann
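
The transport difference described in the reply above, as an added example that is not part of the original post and is not argus code: a NetFlow collector binds a local UDP port and waits for datagrams an exporter pushes to it, so there is no remote host:port to connect to. The v5 header and record layout is the standard one; the exporter data is constructed, and an ephemeral loopback port stands in for 9995 (an assumption so the example runs anywhere).

```python
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte export header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record

def parse_v5(datagram):
    """Validate and decode one NetFlow v5 export datagram."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("short datagram")
    version, count = V5_HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    # UDP input is unauthenticated: never trust the advertised record count.
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "packets": f[5], "bytes": f[6],
                      "sport": f[9], "dport": f[10], "proto": f[13]})
    return flows

def constructed_export():
    """Constructed sample: one TCP flow 192.0.2.10:40000 -> 198.51.100.5:443."""
    header = V5_HEADER.pack(5, 1, 1000, 1045733863, 0, 1, 0, 0, 0)
    record = V5_RECORD.pack(
        socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.5"),
        socket.inet_aton("0.0.0.0"), 1, 2, 10, 840, 100, 900,
        40000, 443, 0, 0x1B, 6, 0, 0, 0, 24, 24, 0)
    return header + record

def collect_once(payload):
    """Collector binds UDP and waits; the exporter pushes a datagram to it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as collector:
        collector.bind(("127.0.0.1", 0))  # assumption: ephemeral port, not 9995
        collector.settimeout(2.0)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as exporter:
            exporter.sendto(payload, collector.getsockname())
        datagram, _peer = collector.recvfrom(65535)
    return parse_v5(datagram)

if __name__ == "__main__":
    print(collect_once(constructed_export()))
```

Because the collector accepts whatever arrives on the bound port, the length check against the advertised record count is what keeps a malformed or spoofed datagram from being decoded as flows.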