Reading Cisco netflow with argus
Mike Iglesias
iglesias at uci.edu
Wed Feb 28 13:29:15 EST 2007

I'm trying to read Cisco netflow records with argus (both 2.0.6 and 3.0 rc39).
I'd like to read the netflow stream and write argus records.

I'm not sure which program in 3.0 to use, ra or radium, but neither one seems
to be writing data out. I've tried

    ra -C -P 9995 -w output-file
    radium -C -P 9995 -w output-file

ra doesn't appear to bind to port 9995, and radium doesn't write out anything,
and wants tty input for some reason.

In 2.0.6, I can get "ra -C -S 9995 -w output-file" to write a file, but
reading it with ra or ragator produces crud (times appear to be zero, for
example) for output, eventually causing a seg fault.

So how do I do this in either 2.0.6 or 3.0? Unless I'm missing something,
there doesn't appear to be a lot of documentation on how to do this with argus.

--
Mike Iglesias Email: iglesias at uci.edu
University of California, Irvine phone: 949-824-6926
Network & Academic Computing Services FAX: 949-824-2069