rasplit and netflow question

Carter Bullard via Argus-info argus-info at lists.andrew.cmu.edu
Wed Sep 21 20:51:46 EDT 2016


Yes, that should work.  You may want to run with debug set, so you can see what rasplit is doing with the records.  (You may need to reconfigure and remake with a .debug tag file in the root directory.)
   % cd /path/to/the/argus-clients/root/directory
   % touch .debug
   % ./configure;make
   % bin/rasplit -D4 -M time 5m -S cisco://any:9995 -w /argus/%Y/%m/%d/%Y.%m.%d.%H.%M.%S

You may want to use radium to collect the netflow records and have rasplit connect to the radium, if you’d like the flexibility to have other analytics work with the flow records, outside of the archive.

Holler if you see something that is odd !!!!

Carter


> On Sep 21, 2016, at 7:35 PM, Michael Stone via Argus-info <argus-info at lists.andrew.cmu.edu> wrote:
> 
> I mainly use the argus daemon to generate flow records, but in one case I receive netflow records and would like to store and access them in the same way as the argus flow data. Reception seems to be working, as
>  ra -S cisco://any:9995
> outputs the expected flows (though the first line always has a 1969-12-31 19:00 timestamp). If I try to use rasplit, though, nothing is written to disk using
>  rasplit -M time 5m -S cisco://any:9995 -w /argus/%Y/%m/%d/%Y.%m.%d.%H.%M.%S
> 
> Should this work?
> 
> Mike Stone
> 
> 



