Using argus-clients for netflow collection and display

Jesse Bowling jessebowling at gmail.com
Fri Apr 4 16:36:56 EDT 2014


On Fri, Apr 4, 2014 at 3:33 PM, Carter Bullard <carter at qosient.com> wrote:

> racluster -r argus.2014.04.04.14.30.00 -w - | racount
>

Hi Carter,

Results are:

# racluster -r argus.2014.04.04.14.30.00 -w - | racount
racount   records     total_pkts     src_pkts       dst_pkts       total_bytes        src_bytes          dst_bytes
    sum   119557      7079867        7079867        0              5905682030         5905682030         0

and for filtering to the single address, I did:

| ra -r - -s +spkts +dpkts +sbytes +dbytes - \(host 100.0.1.8 and port 53\) and \(host 100.0.1.135 and port 53504\)

I suspect that it's the export that's failing me (only exporting one side),
rather than an argus-client failure...I'm verifying by trying an alternate
netflow collector...

Cheers,

Jesse

-- 
Jesse Bowling