using flow-tools for ad hoc flow reports (was "Re: toptalkers over a longer timespan")
Carter Bullard
carter at qosient.com
Fri Feb 21 14:04:39 EST 2003
Hey Alexander,
Interestingly someone else sent a bug report on this
just yesterday, so I'm working on fixing this, this weekend.
If you could send me some sample output of "flow-export -f0",
I'll make sure it works.
Carter
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of
> Alexander Bochmann
> Sent: Friday, February 21, 2003 12:20 PM
> To: argus-info at lists.andrew.cmu.edu
> Subject: Re: using flow-tools for ad hoc flow reports (was
> "Re: toptalkers over a longer timespan")
>
>
> Hi,
>
> ...on Fri, Feb 21, 2003 at 11:05:17AM -0500, Mark Fullmer wrote:
>
> > > Would it also be possible to convert flowtools capture
> > > files to cflowd format, so that argus can understand them?
> > Yes. Use flow-export -f0.
>
> Hm, it seems argus doesn't understand the output:
>
> flow-export -f0 < ft-v05.2003-02-21.000000+0100 |
> ~bochmann/src/argus-clients-2.0.6.beta.38/bin/ra -r -
> ArgusAlert: ra[15221]: ArgusReadConnection: not Argus-2.0 data stream.
>
> The ArgusAlert message is the one from line 1954 of argus_parse.c,
> after argus has finished it's check for netflow data (added a tag
> to be shure).
>
> flow-tools version on that machine is 0.62...
>
> Alex.
>
>
More information about the argus
mailing list