argus and flow-tools
Mark Poepping
poepping at cmu.edu
Thu Jul 8 09:10:02 EDT 2010
As I recall, you can set up any of the argus tools to read from a Cisco
netflow export directly, take a look at the -C option.. [usual netflow data
model caveats apply]
Mark.
>-----Original Message-----
>From: argus-info-bounces+poepping=cmu.edu at lists.andrew.cmu.edu
[mailto:argus-
>info-bounces+poepping=cmu.edu at lists.andrew.cmu.edu] On Behalf Of Riccardo
>Veraldi
>Sent: Thursday, July 08, 2010 4:39 AM
>To: argus-info at lists.andrew.cmu.edu
>Subject: [ARGUS] argus and flow-tools
>
>Hello,
>on my site I want to use Argus for net monitoring porpouses.
>Since my uplink is 10Gbps, I need to use Netflow to collect data and I'd
>like to use argus client tools for analysis.
>So here is my question.
>What is the best way to collect raw Netflow data files for later analysis ?
>Can argus collect and save argus data files from a Netflow source
>(running as argus daemon), or do I need to use
>flow-tools like flow-capture to first capture Netflow data and then use
>the ra* program for analysis ?
>
>Otherwise can I read Netflow data directly from ra* clients and convert
>them and write them to disc into the argus file format ?
>
>thanks
>
>
>Rick
>
>
>
>
More information about the argus
mailing list