argus client -S option

Mon Jun 2 14:53:29 EDT 2008

hi carter,

After debugging is on, I have already figured out my problem using
racluster. If I need racluster to report the flow record every 60 seconds, I
need to specify status=60 or else racluster won't report them in stdout.
That's the reason why I can see ra flows all the time but not racluster.

Thanks!

Sorry for the hassle, your clue is helpeful to me.

On the side note, there's one line in radium man page which need to be
corrected -

radium -C -S host1 -S host2 -de `hostname` -P 562

No more -C -S, just -C for cisco netflow.

Cheers ;]

On Mon, Jun 2, 2008 at 6:20 PM, CS Lee <geek00l at gmail.com> wrote:

> Hi Carter,
>
> Thanks for your clue about the configure output for ratop question, it
> seems that ncurses.h is not there and I need to do
>
> sudo apt-get install libncurses5-dev
>
> And ratop works on Ubuntu now. Thanks for the clue.
>
> The -M poll works now with RA_PRINT_MAN_RECORDS=yes in .rarc, but this
> config variable is not mentioned in the rarc man page.
>
> I have compiled them with debug now, and will see how it goes.
>
> Thanks.
>
>
>
> On Tue, Jun 3, 2008 at 1:21 AM, Carter Bullard <carter at qosient.com> wrote:
>
>> Hey CS Lee,Well lots of things in your email.
>>
>> All the ra* programs use the same code to attach and read data, so
>> it is unlikely that there is a problem specific to a given ra* program
>> when it relates to attaching to remote argi sources.
>>
>> Try compiling with debug support and running with something like "-D5".
>> That should tell you enough, I suspect, to see what is going on.
>> The polling is to see if the remote source is there and running, but
>> we turned printing management records off by default, so you may need
>> to turn on the "RA_PRINT_MAN_RECORDS" for the polling to appear to
>> work ?
>>
>> As to ratop(), I need a bit more detail than you have provided to
>> understand
>> what could be the problem.  There are a lot of potential gotchas with
>> curses
>> based programs on many platforms, so I'll need stuff like the output of
>> the
>> ./configure run, to see what curses did it find, etc....
>>
>> Hope all is most excellent,
>>
>> Carter
>>
>> On Jun 2, 2008, at 11:47 AM, CS Lee wrote:
>>
>> hi all,
>>
>> Been a while since I was active here ... hopefully everyone is doing well
>> ;]
>>
>> I'm using argus 3 release now.
>>
>> One question, can anyone connect to argus probe in real time using argus
>> client tools except ra. For example -
>>
>> argus -B 127.0.0.1 -P 561 -i eth1
>>
>> ra -S 127.0.0.1:561
>>
>> The ra has no problem, but when I use racluster or other client tools, it
>> seems no output is printed in stdout once it is connected to the argus.
>>
>> On the other hand, I try the -M poll, it doesn't seem that the client is
>> attaching to the server and exit immediately.
>>
>> And when i use ratop on freebsd 7, no problem when attaching to the argus
>> probe, but this is not the case on ubuntu gutsy.
>>
>> Thanks.
>>
>> --
>> Best Regards,
>>
>> CS Lee<geek00L[at]gmail.com>
>>
>> http://geek00l.blogspot.com
>>
>>
>>
>
>
> --
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>
>
> http://geek00l.blogspot.com
>

-- 
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20080602/9f1d0f32/attachment.html>