argus-clients-3.0.7.4 on the server - Netflow -V9

jdenton jdenton at itcglobal.com
Wed Dec 12 18:07:34 EST 2012 

Hi Carter,

We have the 3.0.7.4 "ra" client running with a V9 netflow.
- so far so good, no seg faults.

We are seeing a time differential in the stime versus server time.

Server time ~ 15:00 CST is when the command "ra -S cisco://any:9996 -w 
netflow-ra-2012Dec12.arg"
is issuedwith the racluster cmd tested 30-45 minutes after. ( 1530 ~ 1545 )

Shouldn't we expect a 1500 ~ 1600 range for the StartTime from the 
racluster output?

How is a 'timestamp' for stime or ltime defined/extracted for the V9 flow??

Regards,
Jon






On 12/7/12 9:49 AM, Carter Bullard wrote:
> Gentle people,
> I've uploaded the new development image of the argus clients.  This fixes
> all the issues that have been presented on the email list, that I am aware of,
> and adds color support for ratop().
>
>     http://qosient.com/argus/dev/argus-clients-latest.tar.gz
>     http://qosient.com/argus/dev/argus-clients-3.0.7.4.tar.gz
>
> This version has significant bug fixes for netflow v9.  At this point, I believe that
> ra* reading of netflow v9 is fully functional and working well.  But we still need
> more testing, use, so If you have any problems, please send email, as this
> support is important to more than a few.
>
> ratop() is a complete rewrite, with more threads, better curses library support,
> better use of editline or readline, and better functionality when neither  are
> available.  AND, of course, COLOR !!!!  The ./support/Config/rarc has all the
> variables needed to use color, and there is a sample racolor.conf file provided.
> Paths to this file is important, so when you decide to use color, play with the
> rarc and racolor.conf, to see what works for you.
>
> Documentation is not complete, but as you guys point out problems, I'll fix
> as I can.  After we get the documentation developed a bit, I'll work toward
> releasing argus[-clients]-3.0.8.
>
> Many, many small bug fixes, PCRE support, better readline library discovery
> and use, so lots to digest, but like all releases, this should be completely
> backward compatible with prior versions of argus data, etc....
>
> Please take a look, and send any comments, reactions, opinions and of course
> results !!!!  If your bug, or issue, has not be resolved, please send a note to
> either me, or the list, and I'll address it.
>
> Hope all is most excellent,
>
> Carter
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20121212/367fc2ab/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fgecgjeg.png
Type: image/png
Size: 439216 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20121212/367fc2ab/attachment.png>

More information about the argus mailing list