Flowfiles newbie. Hints?
John Hermes
jhermes at infoglobe.com
Tue Nov 5 14:33:37 EST 2002
Hi Everyone,
I'm trying to learn more about Argus, and I am not having
much help with ragator flowfiles to get the data I want.
For instance, what would be the best way to aggregate a
single argus file so that only one record per TCP dest port
were generated? Then you could use rasort to see the most
popular dest TCP protocols very easily.
I tried this config on 24 hours worth of log data hoping to
get a single record agregating each tcp port.
Flow 100 tcp 192.168.1.0 * * * 200 86400 0
Model 200 tcp 255.255.255.0 0.0.0.0 no no yes
Thanks in advance for any ideas!
John Hermes
jhermes at infoglobe.com
More information about the argus
mailing list