Netflow 9 and srcid/smac/dmac
Richard Rothwell via Argus-info
argus-info at lists.andrew.cmu.edu
Tue Jul 5 01:54:19 EDT 2016
Hi Carter,
The new argus_import.c file you provided has been added to the source compilation and the argus clients have been rebuilt as follows:
./configure; make clean; make
make install
nprobe was run:
nprobe --collector-port 9412 -n 127.0.0.1:9012 -V 9 --daemon-mode
Then radium was rerun:
/usr/local/sbin/radium -S cisco://any:9012 -d -e 12 -P 562 -- local dur lte 300
and the output checked via:
bin/ra -S localhost:562 -s +srcid +smac +dmac - local dur lte 300
to produce:
StartTime Flgs Proto SrcAddr Sport Dir DstAddr Dport TotPkts TotBytes State SrcId SrcMac DstMac
05:25:03.427000 Ne tcp 122.3.81.45.33492 -> 144.110.139.209.telnet 1 60 REQ 00:00:00:00:02:84 00:00:00:00:02:e2
05:25:00.426000 Ne udp 220.249.99.149.megar* -> 118.139.77.174.6956 1 93 REQ 00:00:00:00:02:84 00:00:00:00:03:0a
05:25:03.426000 Ne tcp 149.144.222.115.64996 ?> 17.248.155.143.https 4 711 CON 00:00:00:00:03:00 00:00:00:00:02:d9
05:25:01.424000 Ne tcp 128.250.0.44.37326 ?> 103.245.222.193.https 3 685 CON 00:00:00:00:03:38 00:00:00:00:02:d9
So it looks like the input and output fields are there now, but srcid is still missing. Excellent, progress is being made!
Regards from Richard
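For reference, the srcid that is missing from the ra output above has a natural source in the NetFlow v9 packet itself: the 32-bit Source ID in the export header, while smac/dmac come from per-template data fields (IN_SRC_MAC, IN_DST_MAC). The following added parser is example code, not part of argus, nprobe, or this thread, and it works on a constructed packet whose source id, addresses and MACs are made-up sample values:

```python
import struct

# NetFlow v9 field type ids (RFC 3954) decoded below; any other field is kept as a raw int
IPV4_SRC_ADDR, IPV4_DST_ADDR, IN_SRC_MAC, IN_DST_MAC = 8, 12, 56, 80
SAMPLE_SOURCE_ID = 42                       # constructed observation-domain / Source ID
SAMPLE_FIELDS = [(IPV4_SRC_ADDR, 4), (IPV4_DST_ADDR, 4), (IN_SRC_MAC, 6), (IN_DST_MAC, 6)]

def decode_field(ftype, raw):
    if ftype in (IPV4_SRC_ADDR, IPV4_DST_ADDR):
        return ".".join(str(b) for b in raw)
    if ftype in (IN_SRC_MAC, IN_DST_MAC):
        return ":".join(f"{b:02x}" for b in raw)
    return int.from_bytes(raw, "big")

def parse_v9(data):
    """Parse one NetFlow v9 export packet; return (header Source ID, decoded data records)."""
    version, _count, _uptime, _secs, _seq, source_id = struct.unpack_from("!HHIIII", data, 0)
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    templates, records, off = {}, [], 20    # header is 20 bytes, then flowsets follow
    while off + 4 <= len(data):
        fs_id, fs_len = struct.unpack_from("!HH", data, off)
        if fs_len < 4 or off + fs_len > len(data):
            raise ValueError("bad flowset length")
        body = data[off + 4:off + fs_len]
        if fs_id == 0:                      # template flowset: may carry several templates
            p = 0
            while p + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, p)
                templates[tid] = [struct.unpack_from("!HH", body, p + 4 + 4 * i) for i in range(nfields)]
                p += 4 + 4 * nfields
        elif fs_id >= 256 and fs_id in templates:   # data flowset with an already-seen template
            fields = templates[fs_id]
            rec_len = sum(flen for _, flen in fields)
            p = 0
            while rec_len and p + rec_len <= len(body):
                rec, q = {}, p
                for ftype, flen in fields:
                    rec[ftype] = decode_field(ftype, body[q:q + flen])
                    q += flen
                rec["srcid"] = source_id        # every record inherits the header's Source ID
                records.append(rec)
                p += rec_len
        off += fs_len                       # unknown templates are skipped, not guessed
    return source_id, records

def build_sample_packet():
    """Constructed export packet (not captured traffic): one template plus one data record."""
    header = struct.pack("!HHIIII", 9, 2, 1000, 1467703503, 1, SAMPLE_SOURCE_ID)
    tmpl = struct.pack("!HH", 256, len(SAMPLE_FIELDS)) + b"".join(struct.pack("!HH", t, l) for t, l in SAMPLE_FIELDS)
    rec = bytes([192, 0, 2, 1, 198, 51, 100, 7]) + bytes.fromhex("000000000284" "0000000002e2")
    return header + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl + struct.pack("!HH", 256, 4 + len(rec)) + rec
```

A collector that drops the header's Source ID when it builds its flow record will show exactly the symptom seen above: MACs present, srcid empty.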