Collecting Cisco netflow logs in argus format

Carter Bullard carter at qosient.com
Wed Jul 31 19:29:18 EDT 2013


Hey Desmond,
We don't currently support parsing netflow records from packets directly off the wire.
You can parse netflow records from packets in a file, using this
type of command line call:

   argus -r cisco:file.name -w - | ra

We can change this, but there are some practical issues with incomplete
packet capture (snaplen < 1500) and parsing netflow, as well as taking
arbitrary udp packets and looking to see if you can find netflow 
contents.

If this is something you would like to test out, and don't mind being
the guinea pig, we can provide an argus.conf option or something like:

   argus -S localhost -M parseCisco 

To direct argus to attempt to find cisco records in udp packets.

Is this helpful?

Carter


On Jul 31, 2013, at 5:12 PM, Desmond Irvine <desmond.irvine at sheridancollege.ca> wrote:

> Hi all,
>  
> I’ve been trying to get argus to collect Cisco netflow logs in argus format and I’m not having much luck.  I’ve seen lots of examples of using the various argus clients to read the netflow data and have been able to do that successfully, but I haven’t been able to use argus itself to collect and record the data.  I could swear that I’ve been able to do this in the past, but can’t figure out what parameters I would use with argus to do this.  What is the official way to have argus listen and collect Cisco netflow logs?
>  
> Thanks, Desmond
>  
>  
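
The two practical issues raised in the reply above (recognising netflow in arbitrary UDP packets, and captures cut short by a small snaplen) can be sketched as follows. This is an added example, not part of the original thread and not argus code; it assumes NetFlow v5 (the thread does not name a version), and the function names and sample payloads are constructed for illustration.

```python
import struct

# NetFlow v5 export header: version, count, sys_uptime, unix_secs,
# unix_nsecs, flow_sequence, engine_type, engine_id, sampling_interval.
V5_HEADER = struct.Struct("!HHIIIIBBH")  # 24 bytes
V5_RECORD_LEN = 48                       # each v5 flow record
V5_MAX_RECORDS = 30                      # 24 + 30 * 48 = 1464-byte payload


def classify_udp_payload(captured: bytes, wire_len: int):
    """Classify a UDP payload (hypothetical helper).

    captured: payload bytes the capture kept (may be cut by snaplen).
    wire_len: payload length on the wire (UDP length field minus 8).
    Returns (verdict, usable_records).
    """
    if len(captured) < V5_HEADER.size:
        return ("undetermined", 0)       # header itself was cut off
    version, count = V5_HEADER.unpack_from(captured)[:2]
    if version != 5 or not 1 <= count <= V5_MAX_RECORDS:
        return ("not-netflow-v5", 0)
    expected = V5_HEADER.size + count * V5_RECORD_LEN
    if wire_len != expected:             # length must match the record count
        return ("not-netflow-v5", 0)
    if len(captured) < expected:
        usable = (len(captured) - V5_HEADER.size) // V5_RECORD_LEN
        return ("truncated", usable)     # only whole records are usable
    return ("complete", count)


def make_v5_datagram(count: int) -> bytes:
    """Constructed sample: valid header followed by zero-filled records."""
    header = V5_HEADER.pack(5, count, 1000, 1375313358, 0, 1, 0, 0, 0)
    return header + bytes(V5_RECORD_LEN) * count


if __name__ == "__main__":
    full = make_v5_datagram(30)
    dns_like = bytes.fromhex("123401000001") + bytes(24)  # constructed
    print(classify_udp_payload(full, len(full)))
    # snaplen 96 minus 42 bytes of Ethernet/IPv4/UDP headers
    print(classify_udp_payload(full[:96 - 42], len(full)))
    print(classify_udp_payload(dns_like, len(dns_like)))
```

With a full 30-record export the payload alone is 1464 bytes, so any snaplen below the full frame size loses records even when the header parses cleanly.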
