Argus-info Digest, Vol 15, Issue 19

Carter Bullard carter at qosient.com
Mon Nov 20 10:28:37 EST 2006 

Hey CS Lee,
I made a call for some netflow files so that I can do some testing,  
but the only
examples I got were flow-tools files.  What I need is native netflow  
files, or a
stream of netflow records just as they would come off the wire.

Does anyone have any examples of this stuff?

And CS, what version do you want to see?  I'll try to have all  
versions integrated
back into the tool set before we release, but as long as argus-2.x  
reads them
all, and argus-3.0 can translate the records, its not the highest  
priority right now.

Ramatrix is eye candy at least for anyone but me.  The patterns it  
generates
do have real information in them, though, as the speed and length of  
the falling
trails is directly proportional to the bps of the flows they  
represent, and as the
flow persists, the length and speed will shorten, until they are just  
single chars,
flipping.  The way that regions "refresh" is slightly informative, so  
I can look at
the display and see anomalous behavior, but I'm a pretty imaginative  
guy :o)

On my mac os x box, using an xterm-color terminal, I'm not getting  
the A_DIM
characters, and the character set is really limited, so not much to  
work with
in terms of getting the display to look like some of the actual  
screens in the
movie, but they are kinda close, if you back up a bit from the  
screen :o)

I think its there as an example of how easy it is to do this type of  
display.  If we
want to put some meaning and utility, then having a discussion and  
dialog on
what to do in the display would be very interesting.   If, of course,  
you liked the
movie.


Carter


On Nov 20, 2006, at 7:17 AM, CS Lee wrote:

> Carter,
>
> The rc.35 is probably almost in production quality(at least for  
> me), however I would like to know that whether cisco netflow is  
> supported as it is in ra man page. Rahisto would be another good  
> tool to create net graph for visualization. However I'm wondering  
> how one can make use of ramatrix or is it just for eye candy, point  
> me out as I'm confusing with ramatrix output :)
>
> We can't wait for solid release, at least my boss won't bug me of  
> running software in beta release. Thanks.
>
> -- 
> Best Regards,
>
> CS Lee<geekooL[at]gmail.com>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20061120/886f5378/attachment.html>

More information about the argus mailing list