argus and flow-tools

Carter Bullard carter at qosient.com
Thu Jul 8 09:50:47 EDT 2010


Hey Riccardo,
Mark is right, you will want to use the argus-client programs, specifically
radium() to have a daemon collect from your netflow source.  If you get
the latest developers' code, which is almost ready to be released as
argus-clients-3.0.4, all the clients have new syntax for reading Cisco records:

   ra -S cisco://host:port

where host is the destination address the router is configured to send
the records to, and port is the port.  You will use the same type of syntax
in the radium.conf file you would use for daemon collection.

If you use argus-clients-3.0.2 code, use the "-C" option for ra*.

   ra -C host:port

The man pages are pretty good on this topic.

Carter

On Jul 8, 2010, at 9:10 AM, Mark Poepping wrote:

> As I recall, you can set up any of the argus tools to read from a Cisco
> netflow export directly, take a look at the -C option..  [usual netflow data
> model caveats apply]
> Mark.
> 
> 
>> -----Original Message-----
>> From: argus-info-bounces+poepping=cmu.edu at lists.andrew.cmu.edu
>> [mailto:argus-info-bounces+poepping=cmu.edu at lists.andrew.cmu.edu]
>> On Behalf Of Riccardo Veraldi
>> Sent: Thursday, July 08, 2010 4:39 AM
>> To: argus-info at lists.andrew.cmu.edu
>> Subject: [ARGUS] argus and flow-tools
>> 
>> Hello,
>> on my site I want to use Argus for net monitoring purposes.
>> Since my uplink is 10Gbps, I need to use Netflow to collect data and I'd
>> like to use argus client tools for analysis.
>> So here is my question.
>> What is the best way to collect raw Netflow data files for later analysis?
>> Can argus collect and save argus data files from a Netflow source
>> (running as argus daemon), or do I need to use
>> flow-tools like flow-capture to first capture Netflow data and then use
>> the ra* program for analysis?
>> 
>> Otherwise can I read Netflow data directly from ra* clients and convert
>> them and write them to disc into the argus file format?
>> 
>> thanks
>> 
>> 
>> Rick

Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York  10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax
