Argus & IPFIX?

Carter Bullard carter at qosient.com
Mon Oct 16 13:52:59 EDT 2017


Hey Drew,
Argus should be able to read most/any IPFIX TCP/UDP data source, at least that is the goal.  To that end, if you have some IPFIX data that the ra* programs can’t read, I’ll spend some time making it work.  So if you're using Juniper, have it export UDP IPFIX, and we should be able to read them, as the router advertises the templates in a reasonable timeframe, as we need to see the templates before we can decode the records (really terrible design flaw).

We, of course, recommend that you generate your own flow records rather than read from integrated IPFIX, especially if your network is going particularly fast.  QoSient has 1g, 10g, 40g and 100g argus sensor appliances for sale, so if you’re looking to do the do for real, think about generating your own data.

Hope all is most excellent,
Carter

         <http://qosient.com/>     	 	
Carter Bullard  <mailto:carter at qosient.com>• CTO
150 E 57th Street, Suite 12D
New York, New York 10022-2795
Phone +1.212.588.9133 • Mobile +1.917.497.9494

 

> On Oct 16, 2017, at 11:18 AM, Drew Dixon <dwdixon at umich.edu> wrote:
> 
> Hello,
> 
> I'm wondering what the current status of Argus' support of reading IPFIX is and if there might be any relevant information/updates on that front which someone could share?  
> 
> I did some quick searching online and see mention of IPFIX in relation to Argus but nothing really stating that it's officially supported at this time etc.
> 
> Thank you!
> 
> -Drew
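
Added example, not part of the original message and not Argus code: a Python IPFIX decoder showing the template dependency described in the reply above, where data sets that arrive over UDP before their template are parked and decoded once the exporter advertises it. It assumes fixed-length fields and no enterprise-specific elements; IpfixDecoder and build_msg are hypothetical names, and build_msg only constructs sample input.

```python
import struct

class IpfixDecoder:
    """Caches templates per observation domain; feed() returns records decodable so far."""
    def __init__(self):
        self.templates = {}  # (domain, template_id) -> [(ie_id, length), ...]
        self.pending = {}    # (domain, template_id) -> [undecoded set bodies]

    def feed(self, msg):
        version, length, _time, _seq, domain = struct.unpack_from("!HHIII", msg, 0)
        if version != 10 or length != len(msg):
            raise ValueError("not a well-formed IPFIX message")
        out, off = [], 16
        while off + 4 <= length:
            set_id, set_len = struct.unpack_from("!HH", msg, off)
            if set_len < 4 or off + set_len > length:
                raise ValueError("bad set length")
            body, key = msg[off + 4:off + set_len], (domain, set_id)
            if set_id == 2:                          # Template Set
                out += self._learn(domain, body)
            elif set_id >= 256 and key in self.templates:
                out += self._decode(key, body)
            elif set_id >= 256:                      # data before its template
                self.pending.setdefault(key, []).append(body)
            off += set_len
        return out

    def _learn(self, domain, body):
        out, off = [], 0
        while off + 4 <= len(body):
            tid, count = struct.unpack_from("!HH", body, off)
            fields = [struct.unpack_from("!HH", body, off + 4 + 4 * i) for i in range(count)]
            off += 4 + 4 * count
            self.templates.pop((domain, tid), None)  # count == 0 is a withdrawal
            if fields:
                self.templates[(domain, tid)] = fields
                for parked in self.pending.pop((domain, tid), []):
                    out += self._decode((domain, tid), parked)
        return out

    def _decode(self, key, body):
        fields = self.templates[key]
        fmt = "!" + "".join(f"{n}s" for _, n in fields)
        size = struct.calcsize(fmt)
        return [dict(zip((ie for ie, _ in fields), struct.unpack_from(fmt, body, off)))
                for off in range(0, len(body) - size + 1, size)]

def build_msg(domain, sets):  # constructed sample input: (set_id, body) pairs
    payload = b"".join(struct.pack("!HH", sid, 4 + len(b)) + b for sid, b in sets)
    return struct.pack("!HHIII", 10, 16 + len(payload), 0, 0, domain) + payload
```

A production collector would also cap how many sets it parks per exporter, since an exporter that never sends its templates otherwise grows `pending` without bound.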
