problem with sFlow collector feature

Carter Bullard carter at qosient.com
Fri Jan 30 12:41:27 EST 2015 

Hey Stomil,
The netflow and sflow support in argus is designed to read packet
contents and generate argus records.  Unfortunately, you have to
tell argus to expect the formats.  We have this support in argus
primarily for testing. 

   argus -r cisco:/path/to/packet/file <cisco://path/to/file>
   argus -r sflow:/path/to/packet/file

In looking at the source code, however, argus-3.0.8 has stubs for sflow,
so its not working there either.  It was on in 3.0.7.x, but it wasn’t ready when
we released argus-3.0.8, and so we took it out.  My mistake !!!

There will need to be a tiny bit of development to turn it on, so 
if sflow is important, if you could send some packet captures with sflow
data in them, I’ll try to turn sflow on in the next development version,
3.0.9.1.  I’m now getting back to argus development, so this would
be a good feature to start 9 on.

Carter

 

> On Jan 29, 2015, at 12:44 PM, Stomil <stomil at gmail.com <mailto:stomil at gmail.com>> wrote:
> 
> How should I do that? argus -S <sflow url> or other way?
> 
> On Tue, Jan 27, 2015 at 10:59 PM, Carter Bullard <carter at qosient.com <mailto:carter at qosient.com>> wrote:
> Hey Stomil,
> Sorry for the delayed response.
> 
> The support for sFlow in the ra* programs is not complete, and so don’t try to use it.
> There is sflow support in argus, however.  This makes sense, since sflow is really
> a sampled packet technology, not really a flow technology.
> 
> Try using argus on your sflow stream.  No promises that it will work, as
>  there hasn’t been a lot of testing, but it may generate some results for you.
> 
> Carter
> 
> 
> > On Jan 26, 2015, at 7:32 AM, Stomil <stomil at gmail.com <mailto:stomil at gmail.com>> wrote:
> >
> > Hello
> >
> > I try to use Argus as sFlow  (5) collector by running
> >
> > radium  -C sflow://<interface IP addr>:6343 -P 591
> >
> > It starts then as sFlow packets come in, the radium process crashes, here is the strace log:
> >
> > select(8, [7], NULL, NULL, {0, 150000}) = 0 (Timeout)
> > gettimeofday({1422026522, 115226}, NULL) = 0
> > select(8, [7], NULL, NULL, {0, 150000}) = 1 (in [7], left {0, 34229})
> > gettimeofday({1422026522, 231438}, NULL) = 0
> > recvfrom(7, "\0\0\0\5\0\0\0\1\303\273\356\16\0\0\0\0\0\0M\22\v]\361P\0\0\0\1\0\0\0\1"..., 2048, 0, {sa_family=AF_INET, sin_port=htons(2283), sin_addr=inet_addr("<ip addr>")}, [16]) = 192
> > rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
> > tgkill(27897, 27897, SIGABRT)           = 0
> > --- SIGABRT (Aborted) @ 0 (0) ---
> > Process 27897 detached
> >
> > Is there a proper way to run radium, or I have found a bug?
> >
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20150130/e258509d/attachment.html>

More information about the argus mailing list