netflow support in argus-clients ?
Carter Bullard
carter at qosient.com
Mon Apr 4 10:50:56 EDT 2011
Hey Gilles,
In support of netfow_v7, do you have any example records I can use for testing?
The header support and formats are already there, but I didn't have a v7 data
source for testing.
And for sflow (in fact for all of these), are there wire formats and file formats that
I need to consider? Is there a generic strategy (flow-tools?) that exists that we
should integrate?
If you have any opinions on this, I would love to know, as that will help in planning
out this effort.
Carter
On Apr 4, 2011, at 9:34 AM, Gilles Gallot wrote:
> Dear all,
>
> Le 03/22/11 01:32, Carter Bullard a écrit :
>> Gentle people,
>> There was discussion regarding new netflow support for argus and I'd like to get some
>> sense as to what people would like to see.
>>
>> At this point, we're investigating importing netflow v9 and/or IPFIX flow records into argus-clients.
> could you integrate netflow v7 ?
>
> SFLOW is an other technology that argus should support
>
>> I am also looking into reading flow-tools file formats. Is there interest in any of these features?
>>
>> I am also investigating exporting arcsight specific data output format and netflow v5 format
>> from radium(). While IPFIX stream output is not on the radar, IPFIX output file formats are possibly
>> on the list. None of these are trivial to implement, so we'l have to have a really good reason.
>>
>> Opinions, suggestions, comments, attitude, whatever, are more than welcome.
>>
>> Carter
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20110404/42ca92c9/attachment.bin>
More information about the argus
mailing list