argus and Netflow
Carter Bullard
carter at qosient.com
Sun Nov 18 09:29:56 EST 2012
Hey Ricardo,
Sorry for the delayed response. Yes, you use argus-client programs to collect the Netflow data, just as you collect argus data.
There is a page on the web site that talks about this, which may be a good start:
http://www.qosient.com/argus/argusnetflow.shtml
The syntax for the support has changed but this should work for you:
ra -S cisco://any:9996
Should collect whatever netflow data there is on the wire, going to port 9996, which is the default.
Can you describe a bit more why argus isn't working for you? Not sure that netflow data, is
going to be a good replacement, if you've used argus data in the past.
Hope all is most excellent,
Carter
Sent from my iPad
On Nov 16, 2012, at 4:11 AM, Riccardo Veraldi <Riccardo.Veraldi at cnaf.infn.it> wrote:
> Hello,
> I would like to use argus to analyze netflow traffic format, but it is not very clear to me how to do it.
> Do I still need the argus daemon and to redirect netflow traffic to the machine where daemon is running,
> or simply I can run argus client on the target netflow machine ?
> Netflow traffic should be rewritten in argus format on the disk ?
> I Am sorry but I did not understand very much how to do.
> I have been using argus to monitor network traffic on mirror port since many many years, but the uplink speed
> grew to 10Gbps and this solution is no more efficent and scalable, and I must use Netflow.
> To tell the truth I am using Netflow Analyzer now but it is not so flexible as argus.
> With argus I can use my own perl scripts to search for specific traffic patterns...
>
> thank you
>
> Riccardo
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2589 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20121118/6e71b3d1/attachment.bin>
More information about the argus
mailing list