netflow on clients.63?

Peter Van Epp vanepp at sfu.ca
Fri Nov 16 15:49:58 EST 2007


	I'm trying (so far without success :-)) to get V 5 netflow data into
a rc.63 clients ra with this (by the way .threads is on by default in the 
clients, is it supposed to be?):

 # ra3 -C -S 192.75.244.195:1025 -n -D8
ra3[24189]: 07-11-16 12:39:37 main: reading files completed
ra3[24189]: 07-11-16 12:39:37 ArgusCalloc (1, 16) returning 0x101f5180
ra3[24189]: 07-11-16 12:39:37 ArgusNewQueue () returning 0x101f5180
ra3[24189]: 07-11-16 12:39:37 Binding AF_ANY:1025 Expecting Netflow records
ra3[24189]: 07-11-16 12:39:37 ArgusGetServerSocket (0xf7f48008) returning 3
ra3[24189]: 07-11-16 12:39:37 ArgusCalloc (1, 1048576) returning 0xf7e47008
ra3[24189]: 07-11-16 12:39:37 ArgusCalloc (1, 2048) returning 0x101f5638
ra3[24189]: 07-11-16 12:39:37 ArgusCalloc (1, 2048) returning 0x101f5e40
ra3[24189]: 07-11-16 12:39:37 ArgusParseInit(0xf7faf008 0xf7f48008
ra3[24189]: 07-11-16 12:39:37 ArgusReadConnection(0xf7f48008, 2) reading cisco wire format
ra3[24189]: 07-11-16 12:39:37 ArgusReadConnection(0xf7f48008, 2) returning 0
ra3[24189]: 07-11-16 12:39:37 ArgusFree (0x101f5180)
ra3[24189]: 07-11-16 12:39:37 ArgusDeleteQueue (0x101f5180) returning
ra3[24189]: 07-11-16 12:39:37 ArgusReadStream(0xf7faf008) starting
ra3[24189]: 07-11-16 12:39:38 ArgusClientTimeout()
ra3[24189]: 07-11-16 12:39:39 ArgusClientTimeout()
ra3[24189]: 07-11-16 12:39:40 ArgusClientTimeout()
ra3[24189]: 07-11-16 12:39:41 ArgusClientTimeout()
ra3[24189]: 07-11-16 12:39:42 ArgusClientTimeout()
ra3[24189]: 07-11-16 12:39:43 ArgusClientTimeout()
ra3[24189]: 07-11-16 12:39:44 ArgusClientTimeout()
ra3[24189]: 07-11-16 12:39:45 ArgusClientTimeout()

"ra3[24189]: 07-11-16 12:39:37 Binding AF_ANY:1025 Expecting Netflow records"

is a bit worrying because there are something like 5 interfaces on this machine
and the correct one is eth4 for the netflow data but the source IP seems to 
have been lost somewhere. Netflow data is appearing on the eth4 interface:

12:06:18.501690 IP 192.75.244.195.65535 > 142.58.101.253.1025: UDP, length 1464
12:06:18.512062 IP 192.75.244.195.65535 > 142.58.101.253.1025: UDP, length 1464
12:06:18.519183 IP 192.75.244.195.65535 > 142.58.101.253.1025: UDP, length 1464
12:06:18.527801 IP 192.75.244.195.65535 > 142.58.101.253.1025: UDP, length 1464
12:06:18.535299 IP 192.75.244.195.65535 > 142.58.101.253.1025: UDP, length 1464
12:06:18.543919 IP 192.75.244.195.65535 > 142.58.101.253.1025: UDP, length 1464
12:06:18.551789 IP 192.75.244.195.65535 > 142.58.101.253.1025: UDP, length 1464
12:06:18.560409 IP 192.75.244.195.65535 > 142.58.101.253.1025: UDP, length 1464
12:06:18.566281 IP 192.75.244.195.65535 > 142.58.101.253.1025: UDP, length 1464
12:06:18.574275 IP 192.75.244.195.65535 > 142.58.101.253.1025: UDP, length 1464
12:06:18.582771 IP 192.75.244.195.65535 > 142.58.101.253.1025: UDP, length 1464

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada
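
An added example, not part of the original post and not argus code: a minimal NetFlow v5 datagram check that can be run on a UDP payload to confirm the exporter's packets are well formed before looking at the collector. The UDP length of 1464 in the capture above is consistent with a full v5 datagram (24-byte header plus 30 records of 48 bytes). The function names and the sample flow values are assumptions made for illustration.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # NetFlow v5 header, 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # NetFlow v5 flow record, 48 bytes
MAX_RECORDS = 30  # v5 limit per datagram: 24 + 30 * 48 = 1464 bytes


def parse_v5(payload):
    """Return (header dict, list of flow dicts); raise ValueError if malformed."""
    if len(payload) < HEADER.size:
        raise ValueError("short datagram: %d bytes" % len(payload))
    version, count, uptime, secs, nsecs, seq, etype, eid, samp = HEADER.unpack_from(payload)
    if version != 5:
        raise ValueError("not NetFlow v5: version field is %d" % version)
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError("record count %d outside 1..%d" % (count, MAX_RECORDS))
    expected = HEADER.size + count * RECORD.size
    if len(payload) != expected:
        raise ValueError("length %d, header implies %d" % (len(payload), expected))
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(payload, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "sport": f[9], "dport": f[10],
            "proto": f[13], "packets": f[5], "octets": f[6],
        })
    return {"count": count, "unix_secs": secs, "flow_sequence": seq}, flows


def build_sample(count=30):
    """Constructed test datagram (documentation addresses, made-up counters)."""
    hdr = HEADER.pack(5, count, 1000, 1195245578, 0, 1, 0, 0, 0)
    rec = RECORD.pack(socket.inet_aton("192.0.2.1"), socket.inet_aton("198.51.100.7"),
                      socket.inet_aton("0.0.0.0"), 1, 2, 10, 840, 100, 900,
                      49152, 80, 0, 0x18, 6, 0, 0, 0, 24, 24, 0)
    return hdr + rec * count


if __name__ == "__main__":
    header, flows = parse_v5(build_sample())
    print(len(build_sample()), header, flows[0])
```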


