ragraph/rahistogram
Andrew Pollock
andrew-argus at andrew.net.au
Wed Mar 12 05:45:53 EST 2003
Hi,
A friend of mine is playing with ragraph and running into some problems
with the output of rahistogram.
He says that the output should contain more than just 0.0.0.0 for IP
addresses. Here's a sample chunk of what rahistogram (as called by
ragraph) is spitting out:
rahistogram -p4 -G -r /var/log/argus/argus.log - ip
1047414305.0000:*:ip:0.0.0.0::->:0.0.0.0::93:171:7195:252563:CON
1047414306.0000:*:ip:0.0.0.0::->:0.0.0.0::266:493:20156:725136:CON
1047414307.0000:*:ip:0.0.0.0::->:0.0.0.0::264:490:19860:724584:CON
1047414308.0000:*:ip:0.0.0.0::->:0.0.0.0::264:491:19860:724584:CON
1047414309.0000:*:ip:0.0.0.0::->:0.0.0.0::267:493:20029:725011:CON
Is there more required (like a specific ra.conf) to get the output format
right?
Andrew
More information about the argus
mailing list