ragator
William Setzer
William_Setzer at ncsu.edu
Thu Nov 9 17:03:25 EST 2000
[ Just subscribed to the list. ]
I was reading the last message in the archive about suggestions for
"ragator". I'm trying to use the tool right now, and it's not
behaving as I expected. I might be misunderstanding Flow/Model
lines, or there might be a bug. In any case, it qualifies for
the requested feedback. :)
Here's what I was trying:
Flow 100 152.1.1.1:16 * * * * 200 1000
Flow 101 152.7.1.1:16 * * * * 201 1000
Flow 102 * * * * * 202 1000
Model 200 255.255.255.0 0.0.0.0 no no no
Model 201 255.255.255.255 0.0.0.0 no no no
Model 202 0.0.0.0 0.0.0.0 no no no
The idea was to print out one aggregate line for every "152.1" C
block, one aggregate line for each host in the "152.7" B block, and
lump everything else together into one line.
So if I ran:
ragator -f <flow> -n -r <argus> -w - - ip | rasort -s packets -c -n -r -
it would print out my big packet flingers.
Well, as you might guess, it doesn't work. I just get a number of
lines of "ip 0.0.0.0 <-> 0.0.0.0". If someone could confirm
either a bug or my stupidity, I'd really appreciate it. And I hope
that the above flow (corrected, if necessary) might serve as another
example, as requested by Carter Bullard.
Thanks.
William
More information about the argus
mailing list