Extracting Netflow 9 router fields as Argus record fields?
Richard Rothwell via Argus-info
argus-info at lists.andrew.cmu.edu
Wed Jun 8 20:57:34 EDT 2016
Hi Carter,
My Netflow 9 router output has these fields:
Flow Record:
Flags = 0x06 FLOW, Unsampled
export sysid = 1
size = 72
first = 1461737035 [2016-04-27 06:03:55]
last = 1461737035 [2016-04-27 06:03:55]
msec_first = 304
msec_last = 304
src addr = 128.250.0.205
dst addr = 179.60.193.36
src port = 27878
dst port = 443
fwd status = 0
tcp flags = 0x18 .AP...
proto = 6 TCP
(src)tos = 0
(in)packets = 2
(in)bytes = 193
input = 824
output = 644
src as = 10148
dst as = 32934
Apparently I need to extract input and output, which I have been told are interface numbers.
Can I do that, and if so, how?
If it's not in radium already, can I hack the code to add it?
Regards