accepting data that is pushed with ARGUS_OUTPUT_STREAM

Carter Bullard carter at qosient.com
Fri Mar 1 08:15:01 EST 2013


Hey Ignas,
All clients can read the UDP data.  This should work on your example:
   ra -S argus-udp://1.1.1.1:561

So if B and C are configured to transmit to the same host and port, the ra() should see all the data.  Make sure that B and C have unique argus source IDs in their argus.conf file.

We normally recommend a pull model, where your collector 'A' would connect to B and C to collect the data, using TCP.  Lots of reasons for this strategy, but the UDP support is there to be used, so go for it !!

If you have any problems, do send email !!!!!

Carter

On Mar 1, 2013, at 7:59 AM, Ignas <ignas.linux at gmail.com> wrote:

> Hello,
> 
> I see that argus is able to push its data with ARGUS_OUTPUT_STREAM=argus-udp://1.1.1.1:561
> 
> I can't find what argus/client tool accepts this data. Or maybe this ARGUS_OUTPUT_STREAM is used only with custom applications? I'm new to this.
> 
> Background:
> I have a simple need to account udp/514 traffic on hosts B and C. It would be great if there is a possibility to push this accounting data to host A, where this data would be stored and analysed, without keeping it on B and C.
> 
> Thank you,
> -- 
> Ignas
> 
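
A pre-deployment check for the push setup described in the reply, as an added example that is not from the original thread or the Argus project: it confirms that every sensor pushes to the same argus-udp:// target and that no two sensors share a source ID. It assumes the source ID is the ARGUS_MONITOR_ID line in argus.conf; the function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Lint sensor argus.conf files before pointing them at one UDP collector.
# Assumption: the argus source ID is the ARGUS_MONITOR_ID line in argus.conf.

# conf_value FILE KEY -> last uncommented KEY=value in FILE, quotes stripped
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '"'
}

# check_push_confs FILE... -> 0 if IDs are unique and all streams match, else 1
check_push_confs() {
    rc=0; ids=""; target=""
    for f in "$@"; do
        id=$(conf_value "$f" ARGUS_MONITOR_ID)
        out=$(conf_value "$f" ARGUS_OUTPUT_STREAM)
        if [ -z "$id" ]; then
            echo "$f: no ARGUS_MONITOR_ID set"; rc=1
        else
            case " $ids " in
                *" $id "*) echo "$f: duplicate source ID $id"; rc=1 ;;
            esac
            ids="$ids $id"
        fi
        case "$out" in
            argus-udp://*) ;;
            *) echo "$f: ARGUS_OUTPUT_STREAM is not argus-udp:// ($out)"; rc=1 ;;
        esac
        if [ -z "$target" ]; then
            target=$out
        elif [ "$out" != "$target" ]; then
            echo "$f: pushes to $out, expected $target"; rc=1
        fi
    done
    return $rc
}

# Constructed sample configs for sensors B and C (the IDs are placeholders).
tmp=$(mktemp -d)
printf 'ARGUS_MONITOR_ID=10.0.0.2\nARGUS_OUTPUT_STREAM="argus-udp://1.1.1.1:561"\n' > "$tmp/B.conf"
printf 'ARGUS_MONITOR_ID=10.0.0.3\nARGUS_OUTPUT_STREAM="argus-udp://1.1.1.1:561"\n' > "$tmp/C.conf"
# C cloned from B with the ID left unchanged: the collector could not tell
# the two sensors' records apart by source ID.
cp "$tmp/B.conf" "$tmp/C-cloned.conf"

check_push_confs "$tmp/B.conf" "$tmp/C.conf" && echo "B + C: ok"
check_push_confs "$tmp/B.conf" "$tmp/C-cloned.conf" || echo "B + cloned C: fix before deploying"
```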


