Argus-info Digest, Vol 68, Issue 1

Carter Bullard carter at qosient.com
Mon Apr 4 14:04:34 EDT 2011


Great, just the thing I was looking for.  I'll check em out this week. 
Carter



On Apr 4, 2011, at 1:12 PM, CS Lee <geek00l at gmail.com> wrote:

> hi Carter,
> 
> By the way, we can also use nfacctd/sfacctd from the pmacct suite to export netflow/sflow datagrams as samples to test with argus.
> 
> Sorry if I sent multiple messages regarding the same topic; it's late and I'm a bit out of my mind.
> 
> Cheers!
> 
> On Tue, Apr 5, 2011 at 1:08 AM, CS Lee <geek00l at gmail.com> wrote:
> hi Carter,
> 
> The reason why I say pmacct is because it supports a wide range of netflow/sflow versions, which you might want to check out.
> 
> Cheers!
> 
> 
> 
> 
> On Tue, Apr 5, 2011 at 1:04 AM, CS Lee <geek00l at gmail.com> wrote:
> hi Carter,
> 
> If you mention any tool in particular to be supported by argus, you should consider pmacct - http://www.pmacct.net/
> 
> 
> On Tue, Apr 5, 2011 at 12:00 AM, <argus-info-request at lists.andrew.cmu.edu> wrote:
> 
> Today's Topics:
> 
>   1. Re:  netflow support in argus-clients ? (Gilles Gallot)
>   2. Re:  netflow support in argus-clients ? (Carter Bullard)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Mon, 04 Apr 2011 15:34:16 +0200
> From: Gilles Gallot <Gilles.Gallot at idris.fr>
> Subject: Re: [ARGUS] netflow support in argus-clients ?
> To: Carter Bullard <carter at qosient.com>
> Cc: Argus <argus-info at lists.andrew.cmu.edu>
> Message-ID: <4D99C8D8.3060604 at idris.fr>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> Dear all,
> 
> On 03/22/11 01:32, Carter Bullard wrote:
> > Gentle people,
> > There was discussion regarding new netflow support for argus and I'd like to get some
> > sense as to what people would like to see.
> >
> > At this point, we're investigating importing netflow v9 and/or IPFIX flow records into argus-clients.
> could you integrate netflow v7 ?
> 
> SFLOW is another technology that argus should support
> 
> > I am also looking into reading flow-tools file formats.  Is there interest in any of these features?
> >
> > I am also investigating exporting arcsight specific data output format and netflow v5 format
> > from radium().  While IPFIX stream output is not on the radar, IPFIX output file formats are possibly
> > on the list.  None of these are trivial to implement, so we'll have to have a really good reason.
> >
> > Opinions, suggestions, comments, attitude, whatever, are more than welcome.
> >
> > Carter
> 
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Mon, 4 Apr 2011 10:50:56 -0400
> From: Carter Bullard <carter at qosient.com>
> Subject: Re: [ARGUS] netflow support in argus-clients ?
> To: Gilles Gallot <Gilles.Gallot at idris.fr>
> Cc: Argus <argus-info at lists.andrew.cmu.edu>
> Message-ID: <22E0C5F9-4E4A-47D6-9490-8BF878679406 at qosient.com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Hey Gilles,
> In support of netflow_v7, do you have any example records I can use for testing?
> The header support and formats are already there, but I didn't have a v7 data
> source for testing.
> 
> And for sflow (in fact for all of these), are there wire formats and file formats that
> I need to consider?  Is there a generic strategy (flow-tools?) that exists that we
> should integrate?
> 
> If you have any opinions on this, I would love to know, as that will help in planning
> out this effort.
> 
> Carter
> 
> 
> On Apr 4, 2011, at 9:34 AM, Gilles Gallot wrote:
> 
> > Dear all,
> >
> > On 03/22/11 01:32, Carter Bullard wrote:
> >> Gentle people,
> >> There was discussion regarding new netflow support for argus and I'd like to get some
> >> sense as to what people would like to see.
> >>
> >> At this point, we're investigating importing netflow v9 and/or IPFIX flow records into argus-clients.
> > could you integrate netflow v7 ?
> >
> > SFLOW is another technology that argus should support
> >
> >> I am also looking into reading flow-tools file formats.  Is there interest in any of these features?
> >>
> >> I am also investigating exporting arcsight specific data output format and netflow v5 format
> >> from radium().  While IPFIX stream output is not on the radar, IPFIX output file formats are possibly
> >> on the list.  None of these are trivial to implement, so we'll have to have a really good reason.
> >>
> >> Opinions, suggestions, comments, attitude, whatever, are more than welcome.
> >>
> >> Carter
> >
> >
> 
> 
> -- 
> Best Regards,
> 
> CS Lee<geek00L[at]gmail.com>
> 
> http://geek00l.blogspot.com
> http://defcraft.net
> 