Starting with Argus

Carter Bullard carter at qosient.com
Mon Jan 21 11:08:05 EST 2013


Hey Fabrice,
Trying some of your combinations, I see that some of your IPAddresses are inappropriate.
When reading cisco records from an interface, the actual process is that ra() will open a
socket and BIND it to the address and port that you provide.  The OS cannot bind an IP
address to a socket that it doesn't " own ".  So, you can provide any IP address that the
OS is configured to respond to.  These include the assigned IP addresses on interfaces,
multicast and broadcast IP addresses, and the " any " address, which means all of them.

What you want to use for reading cisco netflow records, are the IP address and port that
the router was configured to use to send the netflow records.  If the IP address is a unicast
IP address, then it has to be one of the ones that the host running ra(), is assigned to use.

Hope this is helpful,

Carter

On Jan 21, 2013, at 5:15 AM, Fabrice Fothe Fopa <fabrice.fothefopa at csp.it> wrote:

> Hi Carter ,
> Thank for your answer. I solve the previous problem by installing on a new machine the argus-server (argus-3.0.6.tar.gz and unpack it) and also the argus-client (argus-3.0.6.tar.gz, by the same way).
> Now i'm able to run argus -w argus.out to generate an argus record and store in the file argus.out but also see it by running ra -r argus.out.
> 
> Now my problem is to generate an Netflow record with argus. I'm using a router Cisco 7200 but after runing argus in different way       i allways get error. That some examples.
> 
> # ra -C 2055 -d (to directly reading from the network in a daemon mode on the port 2055 where is able my Netflow flow) i get this output : Segmentation Error Core dump generated .
> 
> # ra -C IPAdress:3000 -d (Always reading on the network in daemon mode on the specific interface wtih IP 194.xxx.xxx.0)
> The output is : ra[15572]: 11:11:30.969241 connect to 194.xxx.5.0:3000 failed 'Cannot assign requested address'
> 
> 
> # ra -C IPAdress:2055 -d (Always reading on the network in daemon mode on the specific interface wtih IP 194.xxx.xxx.0)
> The output is : ra[15572]: 11:11:30.969241 connect to 194.xxx.5.0:2055 failed 'Cannot assign requested address'
> 
> 
> Please i need a sugestion to resolve the problem.
> 
> Thank very much for your disponibility.
> 
> Let me know if there is other mailing list where a can registed 
> 
> Thank for all.
> 
> 
> 
> 
> Il 20/01/2013 16.31, Carter Bullard ha scritto:
>> Hey Fabrice,
>> Sorry for the delay, but you sent you email to the argus annouce list, which is a moderated list.
>> 
>> Your bash shell isn't finding the ra program.  It must not have been installed in a directory that
>> is in your path.
>> 
>> How did you install the argus clients programs?
>> 
>> Carter
>> 
>> On Jan 20, 2013, at 9:48 AM, argus-announce-bounces at qosient.com wrote:
>> 
>>> 
>>> From: Fabrice Fothe Fopa <fabrice.fothefopa at csp.it>
>>> Subject: Starting with Argus
>>> Date: January 14, 2013 9:48:34 AM EST
>>> To: argus-announce at qosient.com
>>> 
>>> 
>>> Hello everyone,
>>> I'm a new user of argus, just starting now.I have download the argus-3.0.6 and argus-client-3.0.6 from http://www.qosient.com/argus/; but when i run ra -r , got the followin error : bash: /usr/bin/ra: File o directory non esistente
>>> 
>>> Sorry for my question but i'm a very new in using argus and my scope is to generate the table of the traffic on my network; may someone have a suggestion of the rigth configuration to do on my system and the rigth command to run??
>>> 
>>> Thank you for your answer.
>>> -- 
>>> FABRICE  
>>> Area Internetworking
>>> Direzione Progettazione 
>>> CSP Innovation nelle ICT S.c.ar.l.
>>> Via Alassio,11/C - 10128 Torino- Italia
>>> 
>>> 
>> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130121/9d781a2d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2589 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130121/9d781a2d/attachment.bin>


More information about the argus mailing list