RE: Anything similar to ARGUS for sFlow ?

From: Sean O'Neill (sean@seanoneill.info)
Date: 03/25/02

    Thanks for rapid reply :) I'm just starting in the area so consider me a
    newbie. As a result, my "requirements" are rather limited right now.

    I asked about ARGUS because it provides a fairly passive and easy (but
    heavy as well) to implement data collection capability. For those folks
    interested in getting their "feet wet" (like me) on flow analysis, ARGUS
    can be put in place on a UNIX system (which I've done) without having to
    configure network devices to generate flow data. Only change on a network
    device that is required (assuming a switch type device) is to replicate
    packet data to the port the ARGUS machine is plugged into. The ARGUS data
    can then be fed into say FlowScan (which I've done) or other libpcap-based
    tools for analysis.

    So I'm looking for something like ARGUS to create the sflow flow data -
    other than NTOP which for me (right now on FreeBSD and Solaris) is SO
    UNSTABLE (but I still plan to play with it). Unfortunately right now,
    sFlow apparently requires access to sflow capable hardware - I don't have
    access to a piece of sflow capable hardware. Just looking for an alternative
    to NTOP.

    You mentioned several network monitoring tools with capabilities similar to
    ARGUS - can you provide a list please ? VERY interested in this.

    At 02:26 PM 3/25/2002 -0800, Peter Phaal wrote:
    >Sean O'Neill wrote:
    > > Is there anything similar to ARGUS for sFlow ?
    >
    >For those unfamiliar with ARGUS, more information can be found at
    >http://www.qosient.com/argus/
    >
    >Argus is a packet analyzer. It promiscuously monitors network traffic and
    >logs information on traffic flows in its own record format. Argus, like many
    >other packet analyzers, makes use of libpcap. The libpcap library provides a
    >common interface for capturing packets. The sflowtool utility
    >http://www.inmon.com/sflowTools.htm converts sFlow packet streams into
    >libpcap format and should allow you to use ARGUS to analyze sFlow data.
    >sflowtool can convert sFlow into a variety of other formats providing a
    >large number of options for analyzing sFlow.
    >
    >Another alternative is NTOP http://www.ntop.org/ - a free traffic analyzer
    >that provides native support for sFlow.
    >
    >The list http://www.sflow.org/software.htm provides links to additional free
    >and commercial software that can be used to analyze sFlow data.
    >
    >Which particular features of ARGUS are you interested in? There are a large
    >number of traffic monitoring applications available, some with very similar
    >features to ARGUS. Depending on your requirements there may be a number of
    >tools that could satisfy them.
    >
    >Peter
    >----------------------
    >Peter Phaal
    >InMon Corp.
    >
    >Peter_Phaal@inmon.com

    --
    ........................................................
    ......... ..- -. .. -..- .-. ..- .-.. . ... ............
    .-- .. -. -... .-.. --- .-- ... -.. .-. --- --- .-.. ...
    

    Sean O'Neill



    This archive was generated by hypermail 2b29 : 03/25/02 EST