Aggregate data from two sources
Patrick Forsberg via Argus-info
argus-info at lists.andrew.cmu.edu
Fri Nov 4 07:54:10 EDT 2016
Hi,
I have a question on how to merge flows from two sources.
We have an active-active router configuration that means traffic can
come in through one router and go out through the other.
We have argus listeners at each router through passive taps. The problem
that we have is that flows involving both routers will not aggregate.
The following example shows to flows that should really only be one flow.
StartTime Flgs Proto SrcAddr Sport Dir DstAddr Dport SrcPkts DstPkts State SrcId
161031 23:58:46.089721 e tcp 192.168.15.135.42027 -> 10.1.221.25.http 522 0 RST 10.1.9.33
161031 23:58:46.089953 e tcp 10.1.221.25.http -> 192.168.15.135.42027 353 0 CON 10.1.9.34
Patrick Forsberg
Chalmers University of Technology
More information about the argus
mailing list