[ARGUS] Export sflow stream

Carter Bullard carter at qosient.com
Mon Feb 1 12:26:13 EST 2021 

Hey Russell,
Whey don’t we try to get them to read argus data … Team Cymru has been an argus advocate in the past, and if they are interested, I’ll help them get started.
Is Nimbus open source ????

Carter


> On Feb 1, 2021, at 12:17 PM, Russell Fulton <r.fulton at auckland.ac.nz> wrote:
> 
> Hi Carter,
> 
> Sorry, I clearly did not explain myself properly.   I need to convert my argus *to* sflow and was wondering if there was anything already there?
> 
> The situation is that we have a chance to get Team Cymru’s Nimbus threat intelligence for free if we give them our flow data.  We simply do what everyone else do and get the border routers to send out the udp stream but i was wondering if i could use my existing argus data.
> 
> 
> 
> Russell at fulton.nz
> 
>> On 2/02/2021, at 4:01 AM, Carter Bullard <carter at qosient.com> wrote:
>> 
>> Hey Russell,
>> Sorry for the delayed response … winter is here and the snow is falling, so had to pay some attention to that …
>> Sflow processing in argus-clients-3.0.8.3 is rudimentary, but there are ways of getting it in, including raconvert.1 (use something to print sflow to ascii and then import it into argus using raconvert.1) … I think we’ll need to improve radium.1 if you would like to suck up an sflow stream … And argus sflow support hasn’t been tested to any real level that I would build a production system around …
>> 
>> So, with all that, if you have some Sflow data, or a way to generate an Sflow stream, I’d be happy to make changes in radium.1 to support it.
>> 
>> What kind of features were you thinking about for radium.1 ???  Do you want radium.1 to write an Sflow stream from actual argus data ???
>> 
>> Carter
>> 
>> 
>>> On Jan 28, 2021, at 12:57 PM, Russell Fulton <r.fulton at auckland.ac.nz> wrote:
>>> 
>>> I have an application (Team Cymru’s Nimbus) which wants sflow data.  In can source this directly off the router but i would much prefer to use radium to feed something that generates the stream.
>>> 
>>> Is there anything that does this?  
>>> 
>>> I know that Argus can ingest sflow...
>>> 
>>> Russell
>>> 
>>> Russell at fulton.nz
>>

More information about the argus mailing list