Argus-info Digest, Vol 68, Issue 1

CS Lee geek00l at gmail.com
Mon Apr 4 13:08:14 EDT 2011 

hi Carter,

The reason why I say pmacct because it supports wide range of netflow/sflow
version which you might want to check out.

Cheers!



On Tue, Apr 5, 2011 at 1:04 AM, CS Lee <geek00l at gmail.com> wrote:

> hi Carter,
>
> If you mention any tool in particular to be supported by argus, should
> consider pmacct - http://www.pmacct.net/
>
>
> On Tue, Apr 5, 2011 at 12:00 AM, <argus-info-request at lists.andrew.cmu.edu>wrote:
>
>> Send Argus-info mailing list submissions to
>>        argus-info at lists.andrew.cmu.edu
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>        https://lists.andrew.cmu.edu/mailman/listinfo/argus-info
>> or, via email, send a message with subject or body 'help' to
>>        argus-info-request at lists.andrew.cmu.edu
>>
>> You can reach the person managing the list at
>>        argus-info-owner at lists.andrew.cmu.edu
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of Argus-info digest..."
>>
>>
>> Today's Topics:
>>
>>   1. Re:  netflow support in argus-clients ? (Gilles Gallot)
>>   2. Re:  netflow support in argus-clients ? (Carter Bullard)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Mon, 04 Apr 2011 15:34:16 +0200
>> From: Gilles Gallot <Gilles.Gallot at idris.fr>
>> Subject: Re: [ARGUS] netflow support in argus-clients ?
>> To: Carter Bullard <carter at qosient.com>
>> Cc: Argus <argus-info at lists.andrew.cmu.edu>
>> Message-ID: <4D99C8D8.3060604 at idris.fr>
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>> Dear all,
>>
>> Le 03/22/11 01:32, Carter Bullard a ?crit :
>> > Gentle people,
>> > There was discussion regarding new netflow support for argus and I'd
>> like to get some
>> > sense as to what people would like to see.
>> >
>> > At this point, we're investigating importing netflow v9 and/or IPFIX
>> flow records into argus-clients.
>> could you integrate netflow v7 ?
>>
>> SFLOW is an other technology that argus  should support
>>
>> > I am also looking into reading flow-tools file formats.  Is there
>> interest in any of these features?
>> >
>> > I am also investigating exporting arcsight specific data output format
>> and netflow v5 format
>> > from radium().  While IPFIX stream output is not on the radar, IPFIX
>> output file formats are possibly
>> > on the list.  None of these are trivial to implement, so we'l have to
>> have a really good reason.
>> >
>> > Opinions, suggestions, comments, attitude, whatever, are more than
>> welcome.
>> >
>> > Carter
>>
>>
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Mon, 4 Apr 2011 10:50:56 -0400
>> From: Carter Bullard <carter at qosient.com>
>> Subject: Re: [ARGUS] netflow support in argus-clients ?
>> To: Gilles Gallot <Gilles.Gallot at idris.fr>
>> Cc: Argus <argus-info at lists.andrew.cmu.edu>
>> Message-ID: <22E0C5F9-4E4A-47D6-9490-8BF878679406 at qosient.com>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> Hey Gilles,
>> In support of netfow_v7, do you have any example records I can use for
>> testing?
>> The header support and formats are already there, but I didn't have a v7
>> data
>> source for testing.
>>
>> And for sflow (in fact for all of these), are there wire formats and file
>> formats that
>> I need to consider?  Is there a generic strategy (flow-tools?) that exists
>> that we
>> should integrate?
>>
>> If you have any opinions on this, I would love to know, as that will help
>> in planning
>> out this effort.
>>
>> Carter
>>
>>
>> On Apr 4, 2011, at 9:34 AM, Gilles Gallot wrote:
>>
>> > Dear all,
>> >
>> > Le 03/22/11 01:32, Carter Bullard a ?crit :
>> >> Gentle people,
>> >> There was discussion regarding new netflow support for argus and I'd
>> like to get some
>> >> sense as to what people would like to see.
>> >>
>> >> At this point, we're investigating importing netflow v9 and/or IPFIX
>> flow records into argus-clients.
>> > could you integrate netflow v7 ?
>> >
>> > SFLOW is an other technology that argus  should support
>> >
>> >> I am also looking into reading flow-tools file formats.  Is there
>> interest in any of these features?
>> >>
>> >> I am also investigating exporting arcsight specific data output format
>> and netflow v5 format
>> >> from radium().  While IPFIX stream output is not on the radar, IPFIX
>> output file formats are possibly
>> >> on the list.  None of these are trivial to implement, so we'l have to
>> have a really good reason.
>> >>
>> >> Opinions, suggestions, comments, attitude, whatever, are more than
>> welcome.
>> >>
>> >> Carter
>> >
>> >
>>
>> -------------- next part --------------
>> A non-text attachment was scrubbed...
>> Name: smime.p7s
>> Type: application/pkcs7-signature
>> Size: 3815 bytes
>> Desc: not available
>> Url :
>> https://lists.andrew.cmu.edu/mailman/private/argus-info/attachments/20110404/42ca92c9/attachment-0001.bin
>>
>> ------------------------------
>>
>> _______________________________________________
>> Argus-info mailing list
>> Argus-info at lists.andrew.cmu.edu
>> https://lists.andrew.cmu.edu/mailman/listinfo/argus-info
>>
>>
>> End of Argus-info Digest, Vol 68, Issue 1
>> *****************************************
>>
>
>
>
> --
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>
>
> http://geek00l.blogspot.com
> http://defcraft.net
>



-- 
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
http://defcraft.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20110405/fc413b66/attachment.html>

More information about the argus mailing list