Finding original configuration

Carter Bullard via Argus-info argus-info at lists.andrew.cmu.edu
Fri Sep 9 15:45:34 EDT 2016


Hey Babak,
If it's 3.0.x argus clients, we extract all the fields from NetFlow v5 records that we can put in the record, when we read them.  If you are not getting asn’s out of your data, it may be that there weren't values available from the data (i.e. if it's not a BGP driven router, it won’t have AS’s (value == 0)) or that the ASN_DSR was stripped out of the data at some time.  ra* clients can be configured to strip out fields, and the “asn” field is not one that many users think to include if they use the “-M dsrs=time, …, …, etc,” option.

If you’re getting some asn’s, it may be that they are specific to a particular srcid.  The srcid should be the IP address of the Netflow generator.

Carter

> On Sep 9, 2016, at 2:47 PM, Babak Alipour <babak.alipour at gmail.com> wrote:
> 
> Thank you for your response. I'm trying to figure out, out of all the fields that can be specified using '-s' options, which ones were actually recorded in the file? For example, I've noticed many flows in our files do not have (s/d)AS number recorded, could that be due to the configuration?
> 
> 
> 
> Babak Alipour,
> University of Florida
> 
> On Fri, Sep 9, 2016 at 11:51 AM, David Edelman <dedelman at iname.com> wrote:
> The Argus configuration file doesn't really affect collection of netflow data.
> 
> What is the problem you have with the data that you have?
> 
> Dave Edelman
> 
> 
> On Sep 9, 2016, at 11:04, Babak Alipour via Argus-info <argus-info at lists.andrew.cmu.edu> wrote:
> 
>> Hello everyone,
>> 
>> I have a question regarding argus configuration files.
>> The netflow data we have was collected using Argus 3.0.2 a few years ago. Unfortunately, the configuration has been lost. I was wondering if there is a way of finding the original configuration file that was used to collect netflow data. Is it possible to find it?
>> 
>> Thanks in advance.
>> 
>> Best regards,
>> Babak Alipour,
>> University of Florida
> 
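
The per-srcid check suggested in the reply above, as an added example that is not part of the original thread: it tallies, for each srcid, whether flows carry a non-zero ASN, only zeros, or no ASN value at all. It assumes the flows were printed comma-separated with a header row and the srcid, sas and das fields (for example `ra -r FILE -c , -s srcid saddr daddr sas das`); the header labels, the assumption that a missing field prints as blank, and the sample rows are constructed for illustration.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample in the assumed shape of comma-separated ra output.
SAMPLE = """\
SrcId,SrcAddr,DstAddr,sAS,dAS
192.0.2.1,10.0.0.5,198.51.100.7,64500,64501
192.0.2.1,10.0.0.9,198.51.100.8,64500,0
192.0.2.2,10.1.0.5,203.0.113.4,0,0
192.0.2.2,10.1.0.6,203.0.113.9,0,0
192.0.2.3,10.2.0.5,203.0.113.20,,
"""


def classify(sas, das):
    """Label one flow by what its source/destination AS fields contain."""
    values = [v.strip() for v in (sas, das)]
    if not any(values):
        return "absent"      # both blank: no ASN data in the record (assumed)
    if any(v not in ("", "0") for v in values):
        return "populated"   # at least one real AS number
    return "zero"            # field present but 0, e.g. a non-BGP exporter


def asn_summary(text):
    """Return {srcid: {label: flow_count}} for comma-separated flow output."""
    per_source = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(text)):
        # Normalise header case so "sAS" and "sas" are treated the same.
        row = {k.strip().lower(): (v or "") for k, v in row.items() if k}
        per_source[row["srcid"]][classify(row["sas"], row["das"])] += 1
    return {src: dict(counts) for src, counts in per_source.items()}


def sources_without_asn(summary):
    """Exporters (srcid) that never produced a flow with a non-zero ASN."""
    return sorted(s for s, c in summary.items() if not c.get("populated"))


if __name__ == "__main__":
    summary = asn_summary(SAMPLE)
    for src, counts in summary.items():
        print(src, counts)
    print("no ASN from:", sources_without_asn(summary))
```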
