racount
David Brumley
dbrumley at rtfm.stanford.edu
Mon Jul 10 17:18:05 EDT 2000
> A portable long long implementation / printf package for the 32 bit
> machines would be a useful addition to the arsenal (assuming there isn't
> something already of course).
I had a similar problem for a src/dst by port byte counting ra-let I
created. I had two different ways of solving it:
a. using gmp for arbitrary precision
b. using two counters - one for bytes and one for megabytes. This gives a
much large role factor, as we can (in solaris at least for u_int) have
4294967296 MB worth of traffic before rolling the logs.
(b) is what I use mostly. I then sort(1) to grab the biggest offenders
and use a PHP pie chart to show traffic.
cheers,
david
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
David Brumley - Stanford Computer Security - dbrumley at Stanford.EDU
Phone: +1-650-723-2445 WWW: http://www.stanford.edu/~dbrumley
Fax: +1-650-725-9121 PGP: finger dbrumley-pgp at sunset.Stanford.EDU
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
c:\winnt> secure_nt.exe
Securing NT. Insert Linux boot disk to continue......
"I have opinions, my employer does not."
More information about the argus
mailing list