argus and Netflow
jdenton
jdenton at itcglobal.com
Wed Nov 21 11:58:02 EST 2012
Carter,
Here's a twist, can I use argus to collect data from the network,
log/archive it locally, then send that data as a netflow stream
to a netflow analyzer?
We have multiple locations that we monitor with netflow tools and are
looking at how to leverage that with argus data collection?
The netflow analyzer gives us the GUI and report generation capabilities
to trend by region, networksor per customer.
To the flow analyzer argus would look like another flow exporter.
The idea is to archive argus data for engineering trending but have a
subset of that data available for other personnel
to view in a known tool that is used now.
Regards,
Jon
On 11/18/12 8:29 AM, Carter Bullard wrote:
> Hey Ricardo,
> Sorry for the delayed response. Yes, you use argus-client programs to collect the Netflow data, just as you collect argus data.
> There is a page on the web site that talks about this, which may be a good start:
>
> http://www.qosient.com/argus/argusnetflow.shtml
>
> The syntax for the support has changed but this should work for you:
>
> ra -S cisco://any:9996
>
> Should collect whatever netflow data there is on the wire, going to port 9996, which is the default.
> Can you describe a bit more why argus isn't working for you? Not sure that netflow data, is
> going to be a good replacement, if you've used argus data in the past.
>
> Hope all is most excellent,
> Carter
>
> Sent from my iPad
>
> On Nov 16, 2012, at 4:11 AM, Riccardo Veraldi <Riccardo.Veraldi at cnaf.infn.it> wrote:
>
>> Hello,
>> I would like to use argus to analyze netflow traffic format, but it is not very clear to me how to do it.
>> Do I still need the argus daemon and to redirect netflow traffic to the machine where daemon is running,
>> or simply I can run argus client on the target netflow machine ?
>> Netflow traffic should be rewritten in argus format on the disk ?
>> I Am sorry but I did not understand very much how to do.
>> I have been using argus to monitor network traffic on mirror port since many many years, but the uplink speed
>> grew to 10Gbps and this solution is no more efficent and scalable, and I must use Netflow.
>> To tell the truth I am using Netflow Analyzer now but it is not so flexible as argus.
>> With argus I can use my own perl scripts to search for specific traffic patterns...
>>
>> thank you
>>
>> Riccardo
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20121121/183c9387/attachment.html>
More information about the argus
mailing list