Finding original configuration
David Edelman via Argus-info
argus-info at lists.andrew.cmu.edu
Fri Sep 9 16:07:56 EDT 2016
One additional comment. If you display the smac and dmac you will see the ingress interface index and egress interface index in a flow that is derived from NetFlow.
--Dave
From: Carter Bullard [mailto:carter at qosient.com]
Sent: Friday, September 9, 2016 3:46 PM
To: Babak Alipour <babak.alipour at gmail.com>
Cc: David Edelman <dedelman at iname.com>; Argus <argus-info at lists.andrew.cmu.edu>
Subject: Re: [ARGUS] Finding original configuration
Hey Babak,
If it's 3.0.x argus clients, we extract all the fields from NetFlow v5 records that we can put in the record, when we read them. If you are not getting asn’s out of your data, it may be that there weren't values available from the data (i.e. if it's not a BGP driven router, it won’t have AS’s (value == 0)) or that the ASN_DSR was stripped out of the data at some time. ra* clients can be configured to strip out fields, and the “asn” field is not one that many users think to include if they use the “-M dsrs=time, …, …, etc,” option.
If you’re getting some asn’s, it may be that they are specific to a particular srcid. The srcid should be the IP address of the Netflow generator.
Carter
On Sep 9, 2016, at 2:47 PM, Babak Alipour <babak.alipour at gmail.com> wrote:
Thank you for your response. I'm trying to figure out, out of all the fields that can be specified using '-s' options, which ones were actually recorded in the file? For example, I've noticed many flows in our files do not have (s/d)AS number recorded, could that be due to the configuration?
Babak Alipour,
University of Florida
On Fri, Sep 9, 2016 at 11:51 AM, David Edelman <dedelman at iname.com> wrote:
The Argus configuration file doesn't really affect collection of netflow data.
What is the problem you have with the data that you have?
Dave Edelman
On Sep 9, 2016, at 11:04, Babak Alipour via Argus-info <argus-info at lists.andrew.cmu.edu> wrote:
Hello everyone,
I have a question regarding argus configuration files.
The netflow data we have was collected using Argus 3.0.2 a few years ago. Unfortunately, the configuration has been lost. I was wondering if there is a way of finding the original configuration file that was used to collect netflow data. Is it possible to find it?
Thanks in advance.
Best regards,
Babak Alipour,
University of Florida