argus and flow-tools

carter at qosient.com
Thu Jul 8 10:56:02 EDT 2010


Yes, the ra* tools will convert the netflow records to argus records.  You can have rasplit attach to the radium to store your new argus records into an archive and process them later.

Carter 

-----Original Message-----
From: Riccardo Veraldi <Riccardo.Veraldi at cnaf.infn.it>
Date: Thu, 08 Jul 2010 16:06:50 
To: Carter Bullard<carter at qosient.com>
Cc: Argus<argus-info at lists.andrew.cmu.edu>
Subject: Re: [ARGUS] argus and flow-tools

thank you.
Ok so let me understand better. If I want to collect netflow data for later ra* analysis,
can I use radium as collector and send the Netflow data from the router to the
machine where radium is running as a collector?

Because if I use the ra* tools directly with the -S cisco://host:port option, I can see
netflow "on the wire" anyway, but I cannot have an offline analysis on historical data.

Rather I might use the ra* tools later on the Netflow data collected by radium, is this correct?

I have always been accustomed to using argus and ra* clients on a switch mirror port,
but now 10Gbps is too much for this model of analysis.

thanks

Carter Bullard wrote:
> Hey Riccardo,
> Mark is right, you will want to use the argus-client programs, specifically
> radium() to have a daemon collect from your netflow source.  If you get
> the latest developers code, which is almost ready to be released as
> argus-clients-3.0.4, all the clients have new syntax for reading cisco records:
>
>    ra -S cisco://host:port
>
> where host is the destination address the router is configured to send
> the records to, and port is the port.  You will use the same type of syntax
> in the radium.conf file you would use for daemon collection.
>
> If you use argus-clients-3.0.2 code, use the "-C" option for ra*.
>
>    ra -C host:port
>
> The man pages are pretty good on this topic.
>
> Carter
>
> On Jul 8, 2010, at 9:10 AM, Mark Poepping wrote:
>
>   
>> As I recall, you can set up any of the argus tools to read from a Cisco
>> netflow export directly, take a look at the -C option..  [usual netflow data
>> model caveats apply]
>> Mark.
>>
>>
>>     
>>> -----Original Message-----
>>> From: argus-info-bounces+poepping=cmu.edu at lists.andrew.cmu.edu
>>> [mailto:argus-info-bounces+poepping=cmu.edu at lists.andrew.cmu.edu] On Behalf Of Riccardo Veraldi
>>> Sent: Thursday, July 08, 2010 4:39 AM
>>> To: argus-info at lists.andrew.cmu.edu
>>> Subject: [ARGUS] argus and flow-tools
>>>
>>> Hello,
>>> on my site I want to use Argus for net monitoring purposes.
>>> Since my uplink is 10Gbps, I need to use Netflow to collect data and I'd
>>> like to use argus client tools for analysis.
>>> So here is my question.
>>> What is the best way to collect raw Netflow data files for later analysis ?
>>> Can argus collect and save argus data files from a Netflow source
>>> (running as argus daemon), or do I need to use
>>> flow-tools like flow-capture to first capture Netflow data and then use
>>> the ra* program for analysis ?
>>>
>>> Otherwise can I read Netflow data directly from ra* clients and convert
>>> them and write them to disc into the argus file format ?
>>>
>>> thanks
>>>
>>>
>>> Rick
>>>
>>>
>>>
>>>
>>>       
>>
>>     
>
> Carter Bullard
> CEO/President
> QoSient, LLC
> 150 E 57th Street Suite 12D
> New York, New York  10022
>
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax
>
>
>
>   



