Flow-tools support

[Rafael Barbosa]

On Thu, Dec 16, 2010 at 5:59 PM, Carter Bullard <carter at qosient.com> wrote:
> Hey Rafael,
> flow-tools data should be just netflow data in a file, and we should be
> able to read the data no problem.  What error messages are you getting?

I do not get any error message, ra() simple does returns nothing. I
actually do not remember getting any file error from ra(), even if I
run it with an nonexistent file.

> What version(s) are you using?

argus clients: 3.0.2
flow-tools: 0.68
I am not sure with which versions the netflow files were generated though.

> And of course, as usual, send a sample of the data that generates the
> error, and I'll see what I can do.

Unfortunately this time I am not allowed to share the data. However as
I said I cannot even read files generated with 'flow-gen". I tried
these commands for example:

$>flow-gen -V5 > teste
$>ra -r teste (nothing is printed)
$>flow-cat teste | flow-print (1000 flows printed)
$>flow-cat teste | flow-export -f4 > teste.cflowd
$>ra -r teste.cflowd (nothing is printed)
$>flow-cat teste | flow-export -f0 > teste.wire
$>ra -r teste.wire (nothing is printed)

I also tried to pipe the output from different flow-tool applications
without luck.
Attached I send the "teste" flow file, if it helps.

--
Rafael

> Carter
>
> On Dec 16, 2010, at 10:36 AM, Rafael Barbosa wrote:
>
>> Hi all,
>>
>> I just got access to a netflow data repository stored in flow-tools
>> format and I wanted to use argus clients to analyze it. However I am
>> not able to read the files. I also generated a test file with
>> "flow-gen" (included in flow-tools package) and read it with argus,
>> but no luck. I tried digging in the mailing list history, but could
>> not find a solution.
>>
>> What is the recommended way to read flow-tools data? Is it necessary
>> to use flow-export to convert to a specific format?
>>
>> Thanks,
>> Rafael Barbosa
>> http://www.vf.utwente.nl/~barbosarr/
>>
>
>