ragator again
Carter Bullard
carter at qosient.com
Wed Apr 2 08:54:55 EST 2003
Andrew,
So if you want ip traffic broken down by network/24
matrix and protocol, let's say, try this simple
configuration.
#
#
#
RAGATOR_MODEL_NAME=Test Configuration
RAGATOR_PRESERVE_FIELDS=no
RAGATOR_REPORT_AGGREGATION=yes
RAGATOR_AUTO_CORRECTION=yes
#
#
# id SrcAddr DstAddr Proto SPort DPort Model Dur Idle
Flow 100 ip * * * * * 200 0 0
# TCP and UDP Flow Model Definitions
# label id SrcAddrMask DstAddrMask Proto SPort DPort
Model 200 ip 255.255.255.0 255.255.255.0 yes no no
And run ragator as:
ragator -f conf -r file - ip
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of
> Andrew Pollock
> Sent: Wednesday, April 02, 2003 12:34 AM
> To: argus-info at lists.andrew.cmu.edu
> Subject: ragator again
>
>
> Carter,
>
> I've just read the ragator(5) manpage, and my head hurts.
>
> I've got a month's worth of logs for a client, that has IPs
> on a /24, and
> I'd like to produce a protocol breakdown, and say of the x
> bytes in and
> out, y bytes was this protocol and z bytes was that protocol, etc etc.
>
> I figure ragator is my weapon of choice, but unfortunately I
> can't figure
> out how to drive it...
>
> Andrew
>
More information about the argus
mailing list