argus and flow-tools

Riccardo Veraldi Riccardo.Veraldi at cnaf.infn.it
Thu Jul 8 10:06:50 EDT 2010


Thank you.
OK, so let me understand better. If I want to collect Netflow data for
later ra* analysis, can I use radium as collector and send the Netflow
data from the router to the machine where radium is running as a
collector?

Because if I use ra* tools directly with the -S cisco://host:port option,
I can see netflow "on the wire" anyway, but I cannot have an offline
analysis on historical data.

Rather, I might use ra* tools later on the Netflow data collected by
radium, is this correct?

I have always been accustomed to using argus and ra* clients on a switch
mirror port, but now 10Gbps is too much for this model of analysis.

Thanks

Carter Bullard wrote:
> Hey Riccardo,
> Mark is right, you will want to use the argus-client programs, specifically
> radium() to have a daemon collect from your netflow source.  If you get
> the latest developers code, which is almost ready to be released as
> argus-clients-3.0.4, all the clients have new syntax for reading cisco records:
>
>    ra -S cisco://host:port
>
> where host is the destination address the router is configured to send
> the records to, and port is the port.  You will use the same type of syntax
> in the radium.conf file you would use for daemon collection.
>
> If you use argus-clients-3.0.2 code, use the "-C" option for ra*.
>
>    ra -C host:port
>
> The man pages are pretty good on this topic.
>
> Carter
>
> On Jul 8, 2010, at 9:10 AM, Mark Poepping wrote:
>
>> As I recall, you can set up any of the argus tools to read from a Cisco
>> netflow export directly, take a look at the -C option..  [usual netflow data
>> model caveats apply]
>> Mark.
>>
>>> -----Original Message-----
>>> From: argus-info-bounces+poepping=cmu.edu at lists.andrew.cmu.edu
>>> [mailto:argus-info-bounces+poepping=cmu.edu at lists.andrew.cmu.edu]
>>> On Behalf Of Riccardo Veraldi
>>> Sent: Thursday, July 08, 2010 4:39 AM
>>> To: argus-info at lists.andrew.cmu.edu
>>> Subject: [ARGUS] argus and flow-tools
>>>
>>> Hello,
>>> on my site I want to use Argus for net monitoring purposes.
>>> Since my uplink is 10Gbps, I need to use Netflow to collect data and I'd
>>> like to use argus client tools for analysis.
>>> So here is my question.
>>> What is the best way to collect raw Netflow data files for later analysis ?
>>> Can argus collect and save argus data files from a Netflow source
>>> (running as argus daemon), or do I need to use
>>> flow-tools like flow-capture to first capture Netflow data and then use
>>> the ra* program for analysis ?
>>>
>>> Otherwise can I read Netflow data directly from ra* clients and convert
>>> them and write them to disc into the argus file format ?
>>>
>>> thanks
>>>
>>>
>>> Rick
>
> Carter Bullard
> CEO/President
> QoSient, LLC
> 150 E 57th Street Suite 12D
> New York, New York  10022
>
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax
>