Files for dates in the past and future when starting radium collection of netflow data

Carter Bullard carter at qosient.com
Tue Jun 3 11:41:28 EDT 2014


Hey Jesse,
Although what you’re doing is fine, you are using an obsoleted method for getting netflow records.

You should use:
   #RADIUM_ARGUS_SERVER=cisco://192.168.0.4:9699

where the address is the address of the data source.

More than likely, the date problems are coming from the netflow records
themselves, as we just do what the netflow records say is the time. 
You could write a copy of the stream to a file, and we can check if
radium is generating good timestamps, but rasplit() is messing up.

If you could upload the packet file to ftp at ftp.qosient.com:incoming, I’ll check it out.

Carter


On Jun 3, 2014, at 9:59 AM, Jesse Bowling <jessebowling at gmail.com> wrote:

> Hello,
> 
> I have a radium client listening on port 9995 collecting netflow records from a remote source (v5). When I attach an rasplit client configured to split on 5 minute files, I get files for dates ranging from April 26th to July 15th (from a test run this morning).
> 
> I’m curious what the issue might be, any help?
> 
> $ egrep -v '^#|^[ \t]*$' /etc/radium.conf 
> RADIUM_DAEMON="yes"
> RADIUM_MONITOR_ID=<snip>
> RADIUM_MAR_STATUS_INTERVAL=60
> RADIUM_CISCONETFLOW_PORT=9995
> RADIUM_ACCESS_PORT=561
> RADIUM_BIND_IP=127.0.0.1
> 
> Started with:
> 
> radium -f /etc/radium.conf
> /usr/local/bin/rasplit -M time 5m -w /srv/argus/%Y/%m/%d/argus.%Y.%m.%d.%H.%M.%S -d -S 127.0.0.1
> 
> I also made a tcpdump of the startup process, Carter, in case that would be useful. Please let me know where to upload it if it would be handy.
> 
> Cheers,
> 
> Jesse
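
An added example, not part of the thread and not Argus code: one way to check a captured NetFlow v5 export datagram for flow timestamps that are far from the time the datagram was received, which is the question the reply raises about the records themselves. It assumes the standard v5 layout (24-byte header, 48-byte records); the function names and the sample datagram are constructed for illustration.

```python
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # NetFlow v5 header, 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # NetFlow v5 flow record, 48 bytes

def flow_times(datagram):
    """Return (start, end) epoch seconds for each flow in a v5 export datagram."""
    version, count, uptime_ms, secs, nsecs, *_ = HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated datagram")
    export_time = secs + nsecs / 1e9
    times = []
    for i in range(count):
        rec = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        first_ms, last_ms = rec[7], rec[8]
        # First/Last are exporter uptime in ms; the header ties uptime to wall clock,
        # so a bad uptime or First value turns directly into a bad date.
        times.append((export_time - (uptime_ms - first_ms) / 1000.0,
                      export_time - (uptime_ms - last_ms) / 1000.0))
    return times

def skewed_flows(datagram, received_at, tolerance=3600):
    """Indexes of flows whose start time is more than `tolerance` s from receipt."""
    return [i for i, (start, _) in enumerate(flow_times(datagram))
            if abs(start - received_at) > tolerance]

def build_sample(export_secs, uptime_ms, first_last):
    """Constructed test datagram: only the timing fields carry meaning."""
    out = HEADER.pack(5, len(first_last), uptime_ms, export_secs, 0, 0, 0, 0, 0)
    for first_ms, last_ms in first_last:
        out += RECORD.pack(b"\xc0\x00\x02\x01", b"\xc0\x00\x02\x02", b"\0" * 4,
                           1, 2, 10, 1500, first_ms, last_ms,
                           40000, 443, 0, 0x18, 6, 0, 0, 0, 24, 24, 0)
    return out

if __name__ == "__main__":
    # Constructed input: record 0 is sane, record 1 has First beyond SysUptime.
    sample = build_sample(1401809000, 600000,
                          [(590000, 595000), (2592600000, 2592601000)])
    print(skewed_flows(sample, received_at=1401809001))
```

Running the same check over the UDP payloads in a packet capture shows whether the odd dates are already present in the exporter's records before radium or rasplit handle them.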
