Flowfile newbie: followup
John Hermes
jhermes at infoglobe.com
Tue Nov 5 15:30:41 EST 2002
Hi Peter,
I got a generic count per protocol out of:
ra -r <argusfile> -w - - tcp and port <prot#> | racount -r -
Yuk. Running this once for every protocol is going to take
a while. Not very elegant either. I like your Perl idea
better. I would very much like to accept your generous
offer to share your scripts. Thanks!
John Hermes
jhermes at infoglobe.com
> If you are a perl hacker, this is easy to do in perl. I have a
> script that splits out ra output into perl variables that I can send you if
> you like. A really should be getting around to playing with the new clients,
> but so far time has been lacking (and the perl is there :-)).
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
> >
> > Hi Everyone,
> >
> > Following up previous email:
> >
> > I think the line below
> > Flow 100 tcp 192.168.1.0 * * * 200 86400 0
> >
> > should be
> > Flow 100 tcp 192.168.1.0/24 * * * 200 86400 0
> >
> > at least now it seems to aggregate better!
> >
> > Thanks,
> >
> > John Hermes
> > jhermes at infoglobe.com
> >
> >
>
More information about the argus
mailing list