argus and Cisco NetFlow

[Riccardo Veraldi]

So if I want to analyze Netflows with argus I only need to use the argus 
clients.
How to convert netflows into argus format files ?
what the syntax ?
thanks a lot

Rick


carter at qosient.com wrote:
> Hey Riccardo,
> The answer to each of your questions is yes, however, 10 Gbps monitoring without special hardware will be a challenge.  I use Endace's Dag cards, and fiber optic splitters, and they will support about 40-70% of line rate, depending on the type of traffic.  Argus-3.0 should be able to keep up, but gargoyle does a much better than Argus, at these speeds. 
>
> If you can find a router that will generate netflow at 10 Gbps, the ra* programs can read them, convert them so you can sort, filter, etc ....  These will be statistical flow records, which are useful? Ra* on a good day should be able to process 50-100K records/sec, reading, writing, etc...   Your milage may vary..
>
> There is lot of interest in this area, but it is not trivial, nor inexpensive.  Some of the 10 Gbps ethernet cards, with PCI Express may be able to do a good job.
>
> Carter
>
> Carter Bullard
> QoSient LLC
> 150 E. 57th Street Suite 12D
> New York, New York 10022
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax  
>
> -----Original Message-----
> From: Riccardo Veraldi <Riccardo.Veraldi at cnaf.infn.it>
> Date: Thu, 13 Jul 2006 12:18:36 
> To:argus-info at lists.andrew.cmu.edu
> Subject: [ARGUS] argus and Cisco NetFlow
>
>
> Hello I would like to monitor my 10Gb/s link with argus.
> I did it many times up to 1Gb links mirroring the link port into another 
> gigabit port.
> The problem now is that 10Gb/s is really a huge amount of traffic.
> Can I collect traffic information with Cisco Netflow (since the router 
> attached to the TenGb/s uplink is a Cisco 7600)
> and analyze them using argus ?
> Can I still save historycal information of past packets ?
> Ho can I fo it ?
> Can I create argus files from cisco NEtFlow strem ?
> any suggestions ?
> thanks
>
> Rick
>
>
>