Capturing Cisco IPFIX flows
bassem zaki via Argus-info
argus-info at lists.andrew.cmu.edu
Thu Dec 15 07:08:08 EST 2016
Hello all,
I'm new to Argus, and I'm trying to collect IPFIX flows sent from Cisco
router. Do I have to export the flows to an Argus server first then use ra
client tools to read those flows or can I just use client tools to read
flows sent directly from the cisco router?
I'm using (argus-clients-3.0.8.2) to collect the IPFIX but unfortunately
I'm caputering nothing at all. I thought maybe Argus doesn't support IPFIX
so I tried to collect netflow v5 exported by ipt_netflow but I had the same
result. I spent sometime reviewing the mailing list but I couldn't solve
the problem. I don't know exactly what I'm missing!!
Another question, reviewing GLORIAD solution made me really interested to
try argus, so I want to make sure that it's a good choice to monitor a
3Gbps network???
<SNIP>
# ra -A -S cisco://any:9996
^C Totalrecords 2 TotalManRecords 1 TotalFarRecords
0 TotalPkts 0 TotalBytes 0
<SNIP>
PS:
I made sure that I'm receiving the flows using tcpdump and tshark, and I
was already collecting flows using other netflow collecting tools like
nfacct, silk, and manageengine.
thanks,
bassem
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20161215/313bb3b9/attachment.html>
More information about the argus
mailing list