Netflow question
Carter Bullard
carter at qosient.com
Sat Jan 19 22:28:29 EST 2008
Peter,
I put a new clients.rc.68 that should fix your problem.
For racluster(), ratop() and rabins().
Carter
On Jan 18, 2008, at 4:42 PM, Peter Van Epp wrote:
> On Fri, Jan 18, 2008 at 04:28:42PM -0500, Carter Bullard wrote:
>> Hey Peter,
>> If you can just grab the records with "ra -r pobox.netflow -w
>> test.out
>> - host 71.90.234.102 and port 1254"
>> that should get me the data I need to see if I get the same behavior.
>>
>> This should give you the same results?
>> "ra -r pobox.netflow -w - - host 71.90.234.102 and port 1254 |
>> racluster -f racluster.conf"
>>
>> Carter
>>
>
> Yep same output. test.out attached:
>
> vanepp at sniffer1:/spare> ra3 -r pobox.netflow -w test.out - host
> 71.90.234.102 and port 1254
> vanepp at sniffer1:/spare> ra3 -r test.out
> 08-01-11 11:38:58 e tcp 142.58.101.50.smtp ?
> > 71.90.234.102.de-noc 7 1035
> 08-01-11 11:38:59 e tcp 71.90.234.102.de-noc ?
> > 142.58.101.50.smtp 9 682
> vanepp at sniffer1:/spare> ra3 -r pobox.netflow -w - - host
> 71.90.234.102 and port 1254 |racluster -f racluster.conf
> 08-01-11 11:38:58 e tcp 142.58.101.50.smtp ?
> > 71.90.234.102.de-noc 7 1035
> 08-01-11 11:38:59 e tcp 71.90.234.102.de-noc ?
> > 142.58.101.50.smtp 9 682
> vanepp at sniffer1:/spare> ra3 -r test.out -w - - host 71.90.234.102
> and port 1254 |racluster -f racluster.conf
> 08-01-11 11:38:58 e tcp 142.58.101.50.smtp ?
> > 71.90.234.102.de-noc 7 1035
> 08-01-11 11:38:59 e tcp 71.90.234.102.de-noc ?
> > 142.58.101.50.smtp 9 682
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
> <test.out>
More information about the argus
mailing list