Radium not writing netflow records to file

Carter Bullard carter at qosient.com
Mon Apr 25 19:17:48 EDT 2011


Hey Mike,
Sorry for the delay.  ftp://qosient.com/incoming is a blind repository, if you could drop it off there, I can proceed.
I'll use flow-tools to retransmit the flows on the wire, and try to get ra() to process them.  From there, I should
be able to figure out if it's a parsing problem or what.

So, only thing I can think is that we're not processing all the flow records in each packet, or we're dropping
packets.  How fast are they coming in, do you think?

Carter

On Apr 20, 2011, at 12:33 PM, Mike Iglesias wrote:

> On 04/19/2011 04:38 PM, Carter Bullard wrote:
>> Radium's v6 support has been tested all that much as most of the netflow has been v5.
>> Does it look like we're missing some, a few, most of the records?
> 
> Judging by the difference in file sizes between flow-tools and argus, I'd say
> quite a bit is missing.
> 
>> 
>> You can run "ra -r cisco-udp://address:port" and see if that is getting what you expect?  
> 
> It appears that the records are missing using ra as well.
> 
>> If you can provide some flow-tools files with v6 data, I can test to see what may be happening with any of the tools.
> 
> Let me know how to get the file to you.  It's about 30mb (5 min of flows).
> 
> Switching to Netflow v5 would not be a problem - we just picked v6 because
> Argus supported it as did the routers.
> 
> 
> -- 
> Mike Iglesias                          Email:       iglesias at uci.edu
> University of California, Irvine       phone:       949-824-6926
> Office of Information Technology       FAX:         949-824-2270
> 
