argus-2.0.0d fixes "-t option"

Carter Bullard carter at qosient.com
Mon Sep 11 10:15:53 EDT 2000


Gentle people,
   Neil found a problem with the wrapper code that I
put back in for this "d" release, and I've put the fixes
up on ftp://qosient.com/dev/argus/argus-2.9 so, please
refetch.

   argus-2.0.0d also fixes bugs in the -t option, so that
it now works very well, especially with the "-r *.gz" option.
This allows you to make command line statements like:

   ra -ncr */*.gz -t 11-12 -w - udp and port 53

and get all the DNS requests between 11 - 12 am, for any day
seen in the files.  This is really helpful for me.  I use
it in conjunction with the argus data file system that is
generated by the ./examples/mvargusdata.sh program.

   I have a root cron entry that runs this program every hour:

0 * * * * 	/usr/local/bin/mvargusdata.sh >> /tmp/mvargus.log 2>&1

Argus is running with the "-w /home/argus/data/argus.out" option,
so it's writing all its output into a common file argus.out,
and /usr/local/bin/mvargusdata.sh moves this file, after
compressing it, into a hierarchical filesystem with the name 
year/month/day/argus.yyyy.mm.dd.hh.min.sec.gz.

So with this, I can sit within a month's directory, and
use the command above and get all the DNS transactions between
11 and 12 for every day in the month.

It's pretty cool.

I'm going to propose that Argus store packets of interest in
a similar filesystem.

Carter


Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 17A
New York, New York  10022

carter at qosient.com
Phone +1 212 813-9426
Fax   +1 212 813-9426
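The rotation step the message describes (compress the common argus.out and file it under year/month/day/argus.yyyy.mm.dd.hh.min.sec.gz) as an added example script. This is not the mvargusdata.sh shipped in argus's ./examples; the ARGUS_OUT and DATA_ROOT defaults, the optional STAMP argument and the "run" command word are assumptions made for this example, and telling argus to reopen its output file after the move is not covered here.

```shell
#!/bin/sh
# Added example, not argus's own mvargusdata.sh: rotate the common
# argus.out into a year/month/day tree of gzipped files.
# Assumed default paths; override with ARGUS_OUT / DATA_ROOT in the environment.
ARGUS_OUT="${ARGUS_OUT:-/home/argus/data/argus.out}"
DATA_ROOT="${DATA_ROOT:-/home/argus/data}"

# archive_path ROOT YYYY MM DD HH MIN SEC
# Prints ROOT/YYYY/MM/DD/argus.YYYY.MM.DD.HH.MIN.SEC.gz, the layout from the post.
archive_path() {
    printf '%s/%s/%s/%s/argus.%s.%s.%s.%s.%s.%s.gz\n' \
        "$1" "$2" "$3" "$4" "$2" "$3" "$4" "$5" "$6" "$7"
}

# rotate_argus_file SRC ROOT [STAMP]
# STAMP is "YYYY MM DD HH MIN SEC" (space separated, assumed argument for
# reproducible runs); it defaults to the current UTC time.
# Moves SRC aside, gzips it into the tree, removes the temporary copy and
# prints the archive path. Refuses to overwrite an existing archive.
rotate_argus_file() {
    src=$1
    root=$2
    stamp=${3:-$(date -u '+%Y %m %d %H %M %S')}
    [ -s "$src" ] || { echo "nothing to rotate: $src" >&2; return 1; }
    # Word-splitting STAMP into six positional parameters is intended.
    set -- $stamp
    dest=$(archive_path "$root" "$1" "$2" "$3" "$4" "$5" "$6")
    if [ -e "$dest" ]; then
        echo "refusing to overwrite $dest" >&2
        return 1
    fi
    tmp="$src.rotating.$$"
    mv "$src" "$tmp"
    mkdir -p "$(dirname "$dest")"
    gzip -c "$tmp" > "$dest" && rm -f "$tmp"
    echo "$dest"
}

# Invoked from cron as "mvargusdata-example.sh run"; without the argument the
# file only defines the functions, so it can be sourced and tested.
case "${1:-}" in
    run) rotate_argus_file "$ARGUS_OUT" "$DATA_ROOT" ;;
esac
```

With files laid out this way, sitting in a month's directory and running the post's "ra -ncr */*.gz -t 11-12 ..." command globs day/file.gz for every day of that month, which is what makes the -t window apply across days.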
