How Do I Filter The Data so just the totals for each ip are shown?

Carter Bullard carter at qosient.com
Mon May 13 14:20:56 EDT 2002 

Hey Desmond,
   Its "svc" not "srv" my mistake.
Carter


> -----Original Message-----
> From: Desmond Irvine [mailto:desmond.irvine at sheridanc.on.ca] 
> Sent: Monday, May 13, 2002 2:07 PM
> To: carter at qosient.com
> Subject: Re: How Do I Filter The Data so just the totals for 
> each ip are shown?
> 
> 
> I wasn't sure what the srv mode for the -M option did so I thought I 
> would give it a try the result being it just kept showing me the help 
> for the ramon command.  If I change the mode to topn it works 
> and I get 
> the expected output.  I though I might be using a out of date 
> version of 
> the code so I downloaded the what was there this morning and tried 
> again, but just got the same result.
> 
> Any ideas why the srv mode isn't supported?
> 
> Thanks, Desmond.
> 
> Carter Bullard wrote:
> 
> > Hey Andy,
> >    You don't need to filter argus traffic to do this,
> > you just need to use either ragator() or ramon().  From
> > the new distribution 
> > ftp://qosient.com/dev/argus-2.0/argus-2.0.5.tar.gz
> > try:
> >    ramon -M topn -r argusfile
> >    ramon -M srv -r argusfile
> > 
> > This should give you some of what you want. Once you try these and 
> > find out what's missing, send mail and we can see how to improve
> > ramon() to do what you want.
> > 
> > Carter
> > 
> > Carter Bullard
> > QoSient, LLC
> > 300 E. 56th Street, Suite 18K
> > New York, New York  10022
> > 
> > carter at qosient.com
> > Phone +1 212 588-9133
> > Fax   +1 212 588-9134
> > http://qosient.com
> > 
> >    
> > 
> > 
> >>-----Original Message-----
> >>From: owner-argus-info at lists.andrew.cmu.edu
> >>[mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Andy
> >>Sent: Monday, May 13, 2002 12:30 PM
> >>To: argus-info at lists.andrew.cmu.edu
> >>Subject: How Do I Filter The Data so just the totals for each 
> >>ip are shown?
> >>
> >>
> >>I hope this question is appropriate here.
> >>
> >>
> >>I am new to argus and thus need some help with filtering.  What I
> >>want to do is filter out the data from argus so that I can get each 
> >>IP's total traffic at any given time.  Here is an example of what I 
> >>want.
> >>
> >>IpAddress	Protocol	IN Traffic (bytes) OUT Traffic(bytes)
> >>10.0.0.4		ICMP  	4000		2300
> >>207.192.2.4	TCP	1.2Gb		1Gb
> >>xx.xx.xx.xx	UDP	2Gb		4Gb
> >>etc...
> >>
> >>
> >>So for each IP at time Y I would like a summary of the total amount
> >>of traffic in and out for each protocol supported by argus.
> >>
> >>Is there a simple way of doing this?  Currently I am using trafd for
> >>this and parsing the data file,  buth this is really 
> inneficient and 
> >>thus I would like to be able to do this with argus instead.
> >>
> >>Thank in advance,
> >>Andy
> >>--
> >>
> >>
> >>
> > 
> > 
> > 
> 
> 
> -- 
> Desmond Irvine              Security Analyst, Information Technology
> Sheridan College            Phone: 905-845-9430 x2035
> 1430 Trafalgar Road         Fax: 905-815-4011
> Oakville, ON  L6H 2L1       EMail: desmond.irvine at sheridanc.on.ca
> 
> 
>

More information about the argus mailing list