Argus for protocol stats?

Peter Van Epp vanepp at sfu.ca
Sat Dec 16 15:23:22 EST 2000


Yep, with a bit of Perl this is possible. On 1.8.1 (the current public
release), ICMP counts can be wrong (because the byte count fields in the data
record are used for something else and there is no byte count) but the standard
IP things are aggregatable and reportable. I have Perl scripts which do
something like this (report sorted by total traffic volume and aggregating
traffic by port for common ones like telnet, http, ftp etc.). While it isn't
ready for public release you are welcome to a copy of the Perl to mangle as
you wish (noting it is utterly uncommented currently). My logs roll at
midnight and 6:30 AM and I usually process 24 hours of data to see what's
happening overnight, but there is no reason you couldn't roll the logs every
15 minutes and do the reports. I've been ill lately and haven't yet updated
the scripts to deal with the 2.0 beta code, however.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

> 
> I am looking for something that will allow me to get protocol stats (percent
> http ftp traffic and also overall bytes transferred for each protocol) and
> output them to html for viewing by several people. This doesn't need to be in
> realtime but will more than likely just be a cron job every x minutes. It
> seems that Argus may be capable of this with some slight programming of
> something to parse the log files. I am not sure as I haven't found much
> documentation on the subject. If anyone can shed any light on if Argus can
> do this, and if not what can? Please reply to private email. Thanks
> 
> Tim
> 
> 
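
The kind of per-service roll-up discussed in this thread, as an added example that is neither the Perl scripts mentioned above nor part of the original messages: Python that totals bytes by well-known port, sorts by volume and emits an HTML table with each service's share. The five-column record layout and the sample lines are constructed for illustration and are not Argus's real output format; ICMP is counted by record only, following the note above that its byte counts can be wrong on 1.8.1.

```python
import html
from collections import defaultdict
# Services named in the thread plus a few common ones (port -> label).
SERVICES = {20: "ftp-data", 21: "ftp", 23: "telnet", 25: "smtp", 53: "dns", 80: "http"}

# Constructed sample, NOT real Argus output. Assumed layout: proto sport dport src_bytes dst_bytes
SAMPLE = """\
tcp 1025 80 400 9600
tcp 1026 80 300 5700
tcp 1027 21 200 800
tcp 20 1028 3000 0
udp 1029 53 60 140
tcp 1030 23 500 1500
icmp 0 0 0 0
tcp 1031 6000 100 100
"""

def classify(proto, sport, dport):
    """Map a flow to a service label; the server may be on either side."""
    if proto == "icmp":
        return "icmp"
    return next((SERVICES[p] for p in (dport, sport) if p in SERVICES), f"other-{proto}")

def aggregate(lines):
    """Return (service, records, bytes) rows sorted by descending byte volume."""
    totals = defaultdict(lambda: [0, 0])
    for line in lines:
        fields = line.split()
        try:
            proto, (sport, dport, sbytes, dbytes) = fields[0].lower(), map(int, fields[1:5])
        except (IndexError, ValueError):
            continue  # skip blank or malformed records
        entry = totals[classify(proto, sport, dport)]
        entry[0] += 1
        if proto != "icmp":  # byte counts unreliable for ICMP: count records only
            entry[1] += sbytes + dbytes
    return sorted(((s, n, b) for s, (n, b) in totals.items()), key=lambda r: (-r[2], r[0]))

def to_html(rows):
    """Render the rows as an HTML table with each service's share of total bytes."""
    grand = sum(b for _, _, b in rows) or 1  # avoid division by zero on an empty log
    out = ["<table>", "<tr><th>service</th><th>records</th><th>bytes</th><th>%</th></tr>"]
    for service, records, nbytes in rows:
        cells = ("n/a", "n/a") if service == "icmp" else (nbytes, f"{100 * nbytes / grand:.1f}%")
        out.append(f"<tr><td>{html.escape(service)}</td><td>{records}</td>"
                   f"<td>{cells[0]}</td><td>{cells[1]}</td></tr>")
    return "\n".join(out + ["</table>"])

if __name__ == "__main__":
    print(to_html(aggregate(SAMPLE.splitlines())))
```

Run from cron against each rolled log and redirect the output to a file under the web server's document root; the parsing line is the only part that needs adapting to the real record format.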