netflow support in argus-clients ?

Rafael Barbosa rrbarbosa at gmail.com
Tue Mar 22 05:04:28 EDT 2011


Part of my work consists in analyzing network data for
modeling purposes. Luckily, the datasets I mainly work with were provided
to me in a 'pcap' form, which means I can use argus for the analysis.
However, that is not always the case. Sometime earlier this year I was
having problems working with 'flow-tools' data, as I could not import it to
argus. The same happened later with 'nfdump' data.

I understand that I might be using argus in a different manner (i.e., I
don't run or have access to any flow probe/collector), but the possibility
of using argus to parse other formats would be a great addition.

Rafael Barbosa
http://www.vf.utwente.nl/~barbosarr/



On Tue, Mar 22, 2011 at 1:32 AM, Carter Bullard <carter at qosient.com> wrote:

> Gentle people,
> There was discussion regarding new netflow support for argus and I'd like
> to get some
> sense as to what people would like to see.
>
> At this point, we're investigating importing netflow v9 and/or IPFIX flow
> records into argus-clients.
> I am also looking into reading flow-tools file formats.  Is there interest
> in any of these features?
>
> I am also investigating exporting arcsight specific data output format and
> netflow v5 format
> from radium().  While IPFIX stream output is not on the radar, IPFIX output
> file formats are possibly
> on the list.  None of these are trivial to implement, so we'll have to have
> a really good reason.
>
> Opinions, suggestions, comments, attitude, whatever, are more than welcome.
>
> Carter