The -t option
Andrew Pollock
andrew-argus at andrew.net.au
Sat Mar 29 03:34:30 EST 2003
Hi,
I'm looking at implementing (another) billing system with Argus, and I'd
like to basically every five minutes examine all the flows that have
occurred and then tie them back to customers.
It seems like the -t option with a -5m argument will do what I'm after. If
I do this every five minutes, am I guaranteed not to see any of the same
flows? How about missing any flows? My understanding of the -t option is
it selects records that intersect with the given time range. Is it
possible for a long-held flow to intersect with the above timerange twice?
Or does the way that Argus makes multiple records for a long flow prevent
this?
Andrew
More information about the argus
mailing list