Argus-info Digest, Vol 68, Issue 1

CS Lee geek00l at gmail.com
Mon Apr 4 13:12:02 EDT 2011


hi Carter,

By the way, we can also use nfacctd/sfacctd from the pmacct suite to export
netflow/sflow datagrams as samples to test with argus.

Sorry if I send multiple messages regarding the same topic, it's late and I'm a
bit out of my mind.

Cheers!

On Tue, Apr 5, 2011 at 1:08 AM, CS Lee <geek00l at gmail.com> wrote:

> hi Carter,
>
> The reason I say pmacct is that it supports a wide range of netflow/sflow
> versions, which you might want to check out.
>
> Cheers!
>
>
>
>
> On Tue, Apr 5, 2011 at 1:04 AM, CS Lee <geek00l at gmail.com> wrote:
>
>> hi Carter,
>>
>> If you mention any tool in particular to be supported by argus, you should
>> consider pmacct - http://www.pmacct.net/
>>
>>
>> On Tue, Apr 5, 2011 at 12:00 AM, <argus-info-request at lists.andrew.cmu.edu
>> > wrote:
>>
>>> Today's Topics:
>>>
>>>   1. Re:  netflow support in argus-clients ? (Gilles Gallot)
>>>   2. Re:  netflow support in argus-clients ? (Carter Bullard)
>>>
>>>
>>> ----------------------------------------------------------------------
>>>
>>> Message: 1
>>> Date: Mon, 04 Apr 2011 15:34:16 +0200
>>> From: Gilles Gallot <Gilles.Gallot at idris.fr>
>>> Subject: Re: [ARGUS] netflow support in argus-clients ?
>>> To: Carter Bullard <carter at qosient.com>
>>> Cc: Argus <argus-info at lists.andrew.cmu.edu>
>>> Message-ID: <4D99C8D8.3060604 at idris.fr>
>>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>>
>>> Dear all,
>>>
>>> On 03/22/11 01:32, Carter Bullard wrote:
>>> > Gentle people,
>>> > There was discussion regarding new netflow support for argus and
>>> > I'd like to get some sense as to what people would like to see.
>>> >
>>> > At this point, we're investigating importing netflow v9 and/or
>>> > IPFIX flow records into argus-clients.
>>> could you integrate netflow v7?
>>>
>>> SFLOW is another technology that argus should support
>>>
>>> > I am also looking into reading flow-tools file formats.  Is there
>>> > interest in any of these features?
>>> >
>>> > I am also investigating exporting arcsight specific data output
>>> > format and netflow v5 format from radium().  While IPFIX stream
>>> > output is not on the radar, IPFIX output file formats are possibly
>>> > on the list.  None of these are trivial to implement, so we'll have
>>> > to have a really good reason.
>>> >
>>> > Opinions, suggestions, comments, attitude, whatever, are more than
>>> > welcome.
>>> >
>>> > Carter
>>>
>>>
>>>
>>> ------------------------------
>>>
>>> Message: 2
>>> Date: Mon, 4 Apr 2011 10:50:56 -0400
>>> From: Carter Bullard <carter at qosient.com>
>>> Subject: Re: [ARGUS] netflow support in argus-clients ?
>>> To: Gilles Gallot <Gilles.Gallot at idris.fr>
>>> Cc: Argus <argus-info at lists.andrew.cmu.edu>
>>> Message-ID: <22E0C5F9-4E4A-47D6-9490-8BF878679406 at qosient.com>
>>> Content-Type: text/plain; charset="iso-8859-1"
>>>
>>> Hey Gilles,
>>> In support of netflow_v7, do you have any example records I can use
>>> for testing?  The header support and formats are already there, but I
>>> didn't have a v7 data source for testing.
>>>
>>> And for sflow (in fact for all of these), are there wire formats and
>>> file formats that I need to consider?  Is there a generic strategy
>>> (flow-tools?) that exists that we should integrate?
>>>
>>> If you have any opinions on this, I would love to know, as that will
>>> help in planning out this effort.
>>>
>>> Carter
>>>
>>>



-- 
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
http://defcraft.net