Netflow and "srcid"
K K
kkadow at gmail.com
Thu May 3 19:46:44 EDT 2007
On 5/3/07, carter at qosient.com <carter at qosient.com> wrote:
> Yes, that should be pretty easy, depending on how you are send the netflow records. Are they all going to the same daddr and port? If so we'll have to get/use the src address as the srcid, or we'd have to have a translation table to look up the srcid.
All the routers are configured identically, going to the same daddr
and port, so the listener would need to extract the src address from
each packet to use as the srcid for the flow.
> Any suggestions how you would want to configure this?
Since prior to V3 the srcid field was just zeros for Netflow records,
and assuming the overhead to retrieve the remote address per UDP
packet is minimal, using the packet raddr could just be the default
for Cisco Netflow sources?
Another option would be to extend the existing radium "-e" flag (to
specify your own source identifier), and add this flag and code to ra
to match radium's behavior?
Kevin
More information about the argus
mailing list