Recommended Netflow Configuration for Cisco IOS 15

Carter Bullard via Argus-info argus-info at lists.andrew.cmu.edu
Fri Nov 6 09:33:05 EST 2015 

Hey Eric !!
Glad to see that you're still computing !!!!  
If  anything interesting comes up ... don't hesitate to holler !!!
Carter
	 	
Carter Bullard • CTO
150 E 57th Street Suite 12D
New York, New York 10022-2795
Phone +1.212.588.9133 • Mobile +1.917.497.9494

> On Nov 5, 2015, at 8:17 PM, Eric Pancer <epancer at pobox.com> wrote:
> 
> Thanks, Carter! Okay, so we went with the following flexible Netflow
> configuration using standard v5 records but v9 as the exporter.
> 
> !
> flow exporter flow-export-west
> destination 172.18.86.50
> source GigabitEthernet0/0/1
> transport udp 2055
> !
> !
> flow monitor flow-monitor-west
> exporter flow-exporter-west
> record netflow-original
> !
> 
> By the way, just for the archive: turns out the Cisco ISR 4000-series
> cannot send flow data via the management interface/management VRF.
> Would have hoped this could have been separated out, but it just
> didn't work out.
> 
> Cheers!
> 
> - Eric
> 
>> On Fri, Jul 10, 2015 at 9:36 AM, Carter Bullard <carter at qosient.com> wrote:
>> Hey Eric,
>> Long time-no-read !!   Argus-clients-3.0.8 should read netflow v5 and v9, but v9 is always subject to further testing, as some of the data is pretty weird, like using a template that has ports in it for traffic that is not TCP or UDP.   Give it a try with V9, if you need the data ... V5 should be solid.
>> 
>> If anything comes up don't hesitate to holler ...
>> Hope all is most excellent,
>> Carter
>> 
>>> On Jul 10, 2015, at 9:01 AM, Eric Pancer <epancer at pobox.com> wrote:
>>> 
>>> Greetings,
>>> 
>>> It's been a good bit of time since I've been on a Cisco device to
>>> configure netflow and I see IOS15 has changed the command set. What's
>>> the best recommend you folks have for enabling netflow on a late model
>>> router so that they can be read by Argus? Is v9 supported fully yet or
>>> should I stick with v5?
>>> 
>>> These commands are what I came up with:
>>> 
>>> !
>>> flow exporter NETFLOW
>>> description Hello Carter!
>>> destination 10.1.1.25
>>> export-protocol netflow-v5
>>> ttl 15
>>> !
>>> 
>>> Of course I'm still running into a few other issues with getting this
>>> applied to an interface (including needing to have a valid flow
>>> record), so any tips are appreciated.
>>> 
>>> Thanks,
>>> 
>>> - Eric
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20151106/60cdd8ef/attachment.html>

More information about the argus mailing list