Argus & Cisco Netflow
Peter Van Epp
vanepp at sfu.ca
Mon Mar 5 14:01:44 EST 2007
On Mon, Mar 05, 2007 at 03:03:56PM +0100, Schilling, Timo wrote:
> Hi there,
>
> I tried to read Cisco-NetFlow-Data from port 9995 with the ra-tool. On first server we have nProbe- respective fprobe-daemon.
> With ra I get nothing. Either an error-message nor the data I search for. When I start tcpdump, the packets arrive at port 9995, it seems that the daemon works correctly.
>
> I tried to start listening with the following commands:
>
> server> /usr/sbin/fprobe -ieth1 -fip -n5 10.10.10.2:9995
> client> ra -CP 10.10.10.1:9995
> I also tried radium with the same options, but this command only sets up a binary-file with the size of 4kb, always.
>
> We use argus in version: 3.0.0.rc.34
>
First thing to try would be upgrade to 3.0.0.rc.40 (or the latest if
41 is up) as I think netflow was broken at one point.
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
More information about the argus
mailing list