netflow v9 implementation

Carter Bullard carter at qosient.com
Tue Jun 12 22:59:50 EDT 2012


Gentle people,
I currently have netflow v9 processing in argus, almost finished.   If you call argus with
the " -r cisco://address:port "  or " -r cisco:/path/to/a/pcap/file " options, argus will convert
the contents of netflow PDU's  to argus records.  This same logic will be put in ra* programs
after we get it working.  I've found that working with pcap files is a bit easier for testing.

Now I need some netflow v9 packets for testing.  Currently I only have NAT
reporting netflow records, which we are successfully processing.  Argus has a
correlation DSR, where we will squirrel away the NAT address and port mappings.
I'm very surprised that these records don't have any packet or byte metrics in them.

A pcap capture of some plain ole v9 flow records would be ideal.

If you have some pcap files that have some netflow v9 PDU's in them, including
the templates, that you can share, that would be very helpful.  Please, upload to
ftp.qosient.com/incoming, or email to my qosient.com email if sending to the argus
mailing list is toooo public.

Hope all is most excellent, and thanks for all the assistance !!!!!

Carter

