Ragator config file questions
Wozz
wozz+argus at wookie.net
Tue Sep 25 15:08:07 EDT 2001
Am I correct that there is no flowfile(5) man page yet? Assuming so,
perhaps someone could give me an idea of what I'm doing wrong.
I'm trying to profile my network traffic in preparation for putting
firewall rules into an existing network. I want to aggregate the traffic
so I can see what services are on my network. In other words, I don't want
to see every single mail transaction, just that there are mail transactions
going to this particular system. I've setup a ragator config file as
follows:
Flow 101 * a.b.c.0:24 tcp * * 201 300
Flow 102 * a.b.c.0:24 udp * * 202 300
Flow 103 * a.b.c.0:24 icmp * * 203 300
Model 201 0.0.0.0 255.255.255.255 no no yes
Model 202 0.0.0.0 255.255.255.255 no no yes
Model 203 0.0.0.0 255.255.255.255 no no yes
The network my servers is on is a.b.c.0/24, but this doesn't seem to
accomplish what I want, when I run ragator as follows:
ragator -f rag.conf -r argusdata -
I just get what appears to be a print out of every transaction, with no
aggregation. Does anyone have some idea of how I could go about this? I
just want to get a good picture of the services that are actually receiving
traffic on my network without duplicate records, ie one per service/server.
Help?
More information about the argus
mailing list