Argus - Cisco Netflow
Carter Bullard
carter at qosient.com
Tue Mar 13 13:43:06 EDT 2007
Hey CS Lee,
I think the actual syntax is/should be:
ra -CS 9995
you would think that the host address would be needed, but because its
a receive only UDP datagram socket, there is no address. I can make it
so that if you feed it an address:port pair, which is the standard
syntax
for the '-S' option, it will handle it fine.
You are using the 'P' option to eat the "1.2.3.4" string. Other than
that, it
has no effect in this case.
Carter
On Mar 13, 2007, at 1:29 PM, CS Lee wrote:
> Carter,
>
> After some testing, I have Cisco netflow version 5 imported
> properly, the correct syntax to import Cisco Netflow v5 ( I haven't
> tested on other version of netflow ) should be this -
>
> ra -CP 1.2.3.4 -S 9995
>
> Provided that you are exporting your netflow data to 1.2.3.4 and
> dst port 9995, you just need to run this, I haven't tried it on
> other argus clients but since most of ra options are supported, I
> may think it work but I will do further testing to see how it goes.
> But when I try to check on man page, and the ra -h, I haven't found
> anything about -P, but rather confusing result -
>
> -C specify Cisco Netflow source
> -S <host[:port]> specify remote argus and optional port number
> <port> specify Cisco datagram port number.
>
> Trying ra -C 1.2.3.4 -S 9995 won't work, so I think -P should be
> added so that people can get it right easily. Cheers :)
>
> About time for me to test radium, later all.
>
>
> Cheers.
>
> --
> Best Regards,
>
> CS Lee<geekooL[at]gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20070313/3d768285/attachment.html>
More information about the argus
mailing list