Flow-tools support

Carter Bullard carter at qosient.com
Thu Dec 16 14:41:03 EST 2010


No teste file attached.  Of course it will help, if you say ra* programs can't read it.
Carter

On Dec 16, 2010, at 2:17 PM, Rafael Barbosa wrote:

> On Thu, Dec 16, 2010 at 5:59 PM, Carter Bullard <carter at qosient.com> wrote:
>> Hey Rafael,
>> flow-tools data should be just netflow data in a file, and we should be
>> able to read the data no problem.  What error messages are you getting?
> 
> I do not get any error message, ra() simply returns nothing. I
> actually do not remember getting any file error from ra(), even if I
> run it with a nonexistent file.
> 
>> What version(s) are you using?
> 
> argus clients: 3.0.2
> flow-tools: 0.68
> I am not sure with which versions the netflow files were generated though.
> 
>> And of course, as usual, send a sample of the data that generates the
>> error, and I'll see what I can do.
> 
> Unfortunately this time I am not allowed to share the data. However as
> I said I cannot even read files generated with "flow-gen". I tried
> these commands for example:
> 
> $>flow-gen -V5 > teste
> $>ra -r teste (nothing is printed)
> $>flow-cat teste | flow-print (1000 flows printed)
> $>flow-cat teste | flow-export -f4 > teste.cflowd
> $>ra -r teste.cflowd (nothing is printed)
> $>flow-cat teste | flow-export -f0 > teste.wire
> $>ra -r teste.wire (nothing is printed)
> 
> I also tried to pipe the output from different flow-tool applications
> without luck.
> Attached I send the "teste" flow file, if it helps.
> 
> --
> Rafael
> 
>> Carter
>> 
>> On Dec 16, 2010, at 10:36 AM, Rafael Barbosa wrote:
>> 
>>> Hi all,
>>> 
>>> I just got access to a netflow data repository stored in flow-tools
>>> format and I wanted to use argus clients to analyze it. However I am
>>> not able to read the files. I also generated a test file with
>>> "flow-gen" (included in flow-tools package) and read it with argus,
>>> but no luck. I tried digging in the mailing list history, but could
>>> not find a solution.
>>> 
>>> What is the recommended way to read flow-tools data? Is it necessary
>>> to use flow-export to convert to a specific format?
>>> 
>>> Thanks,
>>> Rafael Barbosa
>>> http://www.vf.utwente.nl/~barbosarr/
>>> 
>> 
>> 
> 
