Argus & Cisco Netflow

carter at qosient.com
Mon Mar 5 15:20:49 EST 2007


Depending on the version of ra, there are differing versions of netflow support. rc.40 should do all the versions, but not version 9.  If this is not the case, then definitely report what version of netflow and I'll get on it!!!!

Carter


Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax  

-----Original Message-----
From: "Schilling, Timo" <Timo.Schilling at danet.de>
Date: Mon, 5 Mar 2007 15:03:56 
To:<argus-info at lists.andrew.cmu.edu>
Subject: [ARGUS] Argus & Cisco Netflow

Hi there,

I tried to read Cisco NetFlow data from port 9995 with the ra tool. On the first server we have the nProbe or, respectively, the fprobe daemon.
With ra I get nothing: neither an error message nor the data I am looking for. When I start tcpdump, the packets arrive at port 9995; it seems that the daemon works correctly.

I tried to start listening with the following commands:

server> /usr/sbin/fprobe -ieth1 -fip -n5 10.10.10.2:9995
client> ra -CP 10.10.10.1:9995
I also tried radium with the same options, but this command only sets up a binary file with a size of 4kb, always.

We use argus in version: 3.0.0.rc.34



After reading the mailing list I tried to get some more information with "-D 12" but ra was as quiet as ever....

Hope someone could help me, 
bye

Timo Schilling

------------------------------------
Danet GmbH, Gutenbergstraße 10, 64331 Weiterstadt, Germany
Phone: +49 6151 868-610, Fax: +49 6151 868-980
eMail: timo.schilling at danet.de, URL: www.danet.com
 
Managing Board: Dr. Reiner Nickel (CEO), Dr. Burkhard Austermühl (CFO)
Chairman of the Supervisory Board: Jaques Bentz Address of Record: Weiterstadt
Commercial Register: Amtsgericht Darmstadt HRB 6450 - Tax Number: DE 172 993 071
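
The reply above asks which NetFlow version the exporter is sending. As an added example (not part of the original thread and not Argus code), this Python sketch reads the version and record count from a NetFlow export header and, for the fixed-format versions 1, 5 and 7, checks that the datagram length agrees with the count. The function names and the sample datagrams are constructed for illustration.

```python
import struct

# (header length, record length) in bytes for the fixed-format export versions.
FIXED_FORMATS = {1: (16, 48), 5: (24, 48), 7: (24, 52)}
V9_HEADER_LEN = 20  # v9 is template-based, so only the header size is fixed


def identify_netflow(datagram: bytes) -> dict:
    """Classify one UDP payload by its NetFlow export header."""
    if len(datagram) < 4:
        return {"version": None, "ok": False, "reason": "shorter than 4 bytes"}
    # Every NetFlow export packet starts with version and count, big-endian.
    version, count = struct.unpack("!HH", datagram[:4])
    if version in FIXED_FORMATS:
        header_len, record_len = FIXED_FORMATS[version]
        expected = header_len + count * record_len
        ok = len(datagram) == expected
        reason = ("length matches count" if ok
                  else f"expected {expected} bytes, got {len(datagram)}")
        return {"version": version, "count": count, "ok": ok, "reason": reason}
    if version == 9:
        ok = len(datagram) >= V9_HEADER_LEN
        return {"version": 9, "count": count, "ok": ok,
                "reason": "template-based; length not derivable from count"}
    return {"version": version, "count": count, "ok": False,
            "reason": "not a known NetFlow export version"}


def build_v5(count: int) -> bytes:
    """Constructed sample: a v5 header followed by zeroed flow records."""
    # version, count, sysuptime, unix_secs, unix_nsecs, flow_sequence,
    # engine_type, engine_id, sampling_interval
    header = struct.pack("!HHIIIIBBH", 5, count, 1000, 1173124800, 0, 1, 0, 0, 0)
    return header + bytes(48 * count)


def build_v9_header() -> bytes:
    """Constructed sample: a bare v9 header with no flowsets."""
    # version, count, sysuptime, unix_secs, sequence, source_id
    return struct.pack("!HHIIII", 9, 0, 1000, 1173124800, 1, 0)


if __name__ == "__main__":
    for name, pkt in [("v5", build_v5(2)), ("v5 truncated", build_v5(2)[:-1]),
                      ("v9", build_v9_header()), ("junk", b"\x00")]:
        print(name, identify_netflow(pkt))
```

To use it on live traffic, pass it the UDP payload received on the collector port (9995 in the thread).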
