ra (or equivelent) in daemon mode?
dave capella
dave.capella at cornell.edu
Fri Jun 20 19:28:20 EDT 2003
On Fri, 20 Jun 2003, Peter Van Epp wrote:
> Before I look at possibly reinventing the wheel, was there any
>resolution to the question of how to have argus on one box writing only
>to a socket and ra (or something else since ra seems overkill) on another
>box that listens on the socket and writes the data to disk? Basically what
>I'm after is argus_linux spread across two machines. One collecting /
>processing (but doing no disk I/O) and the other one writing the data to
>disk and being rotated by argus archive (and possibly running ra against
>the data in the archive). Linux is up and listening to a fdx link on a pair
>of bonded 3c905Bs (and currently writing to disk on the same machine) now I
>need to move the disk I/O to another machine in preparation for changing to
>Gig.
Hi,
Since ra writes to stdout, you could create a service that runs out of
inetd, and feed it the output from ra. Alternatively, you could run
netcat (or stunnel, or ssh, or...) to simply 'cat' it across the net.
I'm using netcat to retrieve the network statistics from the kernel
of an OpenBSD box and send it to a linux box with the argus tools.
Perhaps this will provide some ideas:
http://www.bscb.cornell.edu/computer/doc/argus.scripts/
Hope this helps,
...dave
--
~~~~ ____ | It's kind of fun to do the impossible.- Disney |
Y_,___|[]| | dave.capella at cornell.edu ~ www.bscb.cornell.edu |
{|_|_|_|__|,_|____dave_w_capella____BSCB____Cornell_University_|
//oo---OO=OO OO OO OO OO OO OO
More information about the argus
mailing list