Radium and Netflow Can the traffic flow through

Dave Edelman dedelman at iname.com
Wed Mar 21 22:06:24 EDT 2012


Carter,

I guess that my paradigm is libpcap in that it sees and captures the network
traffic but the traffic still manages to arrive at its intended destination
(or not and that's why you're doing packet captures :) )

I deal almost exclusively with Netflow data and I feed it to a set of hungry
radium each listening to different ports and creating appropriate output
files for subsequent processing by the various clients. I would love to
maintain that behavior but also allow unaltered Netflow data to continue to
a non-Argus/Radium consumer. I've thought about some sort of tee like
arrangement where the Netflow arrives at a designated port and is
immediately forwarded to two ports on the same host each with the
appropriate listener in place. The one reference that I found didn't quite
fit the bill. I looked at IP Tables and that might work but the man page is
as coherent as a warped Ouija board so I am looking for a bit of guidance.

Am I missing something obvious in the toolset or available on the Web?

--Dave
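
The tee arrangement described in the message above, sketched as a small userspace UDP relay. This is an added example, not part of the original post and not code from the Argus project. The port numbers (9995 in, 9996 and 9997 out) and the socket names `radium` and `other` are assumptions chosen for illustration.

```python
import socket

def udp_socket(addr=("127.0.0.1", 0)):
    """Return a bound UDP socket; port 0 asks the OS for a free port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(addr)
    s.settimeout(2.0)
    return s

def tee_once(listener, sender, consumers):
    """Relay one datagram, byte for byte, to every consumer address.

    Returns (payload, exporter_addr). Consumers see the relay's socket as
    the source address, not the exporter's, so log exporter_addr here if a
    downstream tool needs to know which device sent the record.
    """
    payload, exporter = listener.recvfrom(65535)  # largest possible datagram
    for dest in consumers:
        sender.sendto(payload, dest)
    return payload, exporter

def serve(listen_addr, consumers):
    """Run the tee forever on listen_addr, a (host, port) tuple."""
    listener = udp_socket(listen_addr)
    listener.settimeout(None)  # block indefinitely waiting for exporters
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        tee_once(listener, sender, consumers)

def demo():
    """Loopback self-check using a constructed payload (not real Netflow)."""
    listener, radium, other = udp_socket(), udp_socket(), udp_socket()
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    exporter = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sample = bytes(range(48))  # constructed stand-in for an export datagram
    exporter.sendto(sample, listener.getsockname())
    tee_once(listener, sender, [radium.getsockname(), other.getsockname()])
    copies = [radium.recvfrom(65535)[0], other.recvfrom(65535)[0]]
    for s in (listener, radium, other, sender, exporter):
        s.close()
    return sample, copies

if __name__ == "__main__":
    # Assumed ports: exporters send to 9995; radium on 9996, other tool on 9997.
    serve(("0.0.0.0", 9995), [("127.0.0.1", 9996), ("127.0.0.1", 9997)])
```

Binding the two downstream listeners to 127.0.0.1 keeps them reachable only through the relay, so the designated port is the single externally exposed Netflow entry point on the host.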


More information about the argus mailing list