rasplit and netflow question

Michael Stone via Argus-info argus-info at lists.andrew.cmu.edu
Thu Sep 22 17:29:14 EDT 2016


On Thu, Sep 22, 2016 at 05:14:27PM -0400, Carter Bullard wrote:
>This makes sense ... With netflow v9 and ipfix, there is no defined format for
>a specific record.  The record format is declared in a flow template record,
>which is sent out periodically, say every 60 seconds or so.
>
>The ra* programs have to wait until the templates arrive before it can decode
>the buffers.  Nothing can be done about that unless the switch can be
>configured to send templates more frequently !!!
>
>OK, sounds like you're living the netflow v9 dream !!!
>Hope all other things are most excellent,

Sorry, to be clear, rasplit still isn't writing anything out when the 
mode is set -M time, regardless of how long I wait. If set to -M size it 
works, and ra works as expected. There seems to be something about 
rasplit's time handling and a netflow source.

Mike Stone



More information about the argus mailing list