we just started evaluating NPM and NTA.
Since there's no direct Netflow data source here, we looked into generating one with ARGUS (ARGUS- Auditing Network Activity).
ARGUS can watch local interfaces and stream a Netflow to a specific IP address and port, which is configured in a text file according to http://qosient.com/argus/man/man5/argus.conf.5.pdf. The relevant parameters are probably ARGUS_FLOW_TYPE and ARGUS_FLOW_KEY on the first page thereof.
Possible values are given as
Right now, we have:
We further configured ARGUS to send a NetFlow data stream to the IP of our NPM+NTA server, port 2055. Traffic analysis shows that data being sent.
NTA however doesn't recognize the ARGUS host as a "flow-enabled source" yet, though it appears in NPM just fine.
Since we are new to this, we do not know the correct NetFlow data format that NTA expects. What parameters would you choose here?
Does anyone know more about that or even tried the same thing?
We do appreciate any help in this.
-- United Networking