flow-export wire output
Carter Bullard
carter at qosient.com
Wed Mar 19 13:03:00 EST 2003
Hey Scott,
There is a new argus-2.0.6.beta.7 dist on the server
that should do the right thing with Cisco wire formatted
input either in a file or from the network. So, this version
can read some netflow data generated by the flow-tools
routines. I tested by reading this output:
% flow-gen -n100 | flow-export -f4 > dump.dat
% ra -Cr dump.dat
Currently it handles netflow V1 and V5, only because that's
as much as I have right now. If other versions are required
just holler.
Definitely give this a try, and if it's cool, I'll migrate
it to the argus-clients distribution.
ftp://qosient.com/dev/argus-2.0/argus-2.0.6.beta.7.tar.gz
Carter
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of
> Carter Bullard
> Sent: Wednesday, March 19, 2003 8:55 AM
> To: 'Scott A. McIntyre'
> Cc: argus-info at lists.andrew.cmu.edu
> Subject: RE: flow-export wire output
>
>
> Hey Scott,
> Working on it. The strategy is to allow for Cisco formatted input
> either from a file or off the wire, with the assumption that the
> flow-tools file format is similar to the current Cisco wire format,
> which it appears to be. So, I have to change a few things around,
> and redo the logic of the -S and -r options. Not a huge problem,
> but not trivial.
>
> So ra* will expect Cisco formatted records if there is a -C
> on the command line, whether you are using -r or -S or reading
> from standard in.
>
> So hopefully next week.
>
> Carter
>
>
>
> > -----Original Message-----
> > From: Scott A. McIntyre [mailto:scott at xs4all.net]
> > Sent: Wednesday, March 19, 2003 1:18 AM
> > To: Carter Bullard
> > Subject: Re: flow-export wire output
> >
> >
> > Hey Carter,
> >
> > Did you figure out the magic foo to get argus() or ra() tools to work
> > with cflowd data, either directly or after being processed through the
> > arts++ or flow-tools tools?
> >
> > Regards,
> >
> > Scott
> >
> >
>
>
>