Flowfile newbie: followup

[John Hermes]

Hi Carter,

Thanks for the tip! I didn't think about ramon.

My first goal is to generate two lists (for UDP and TCP) of 
protocols sorted by total bytes (sent + received) and chop 
off anything beyond the top 10. Sort of a 30,000 ft view of 
how people are using the T1 these days. Any way to add the 
send and receive totals in ramon or ragator? I'll add 'em 
up with a script otherwise. I have a recent 2.0.6 beta 
client set, FYI.

Thanks!

John Hermes
jhermes at infoglobe.com





Hey John,
Your aggregation file is somewhat unique, in that your
tracking source CIDR addresses against TCP port numbers.
Not the most popular aggregation scheme ;o)

Why not try this
   ramon -r <argusfile> -M svc - tcp

While it won't give you your source, it will
give the port breakdown.  If this is similar to
what your looking for, its pretty easy to construct
variations with ragator().  Send more mail if this
is getting closer.

Regarding your aggregation conf file, this may help as
well:

Model 200  tcp  255.255.255.0  0.0.0.0  yes no yes
                                        ^^^
The "yes" preserves the protocol.  Even though your
filtering for just tcp, the port is only meaningful
in conjunction with the protocol, so its important.

Carter