Breaking down selected traffic
Andrew Pollock
andrew-argus at andrew.net.au
Thu May 8 21:56:55 EDT 2003
On Mon, May 05, 2003 at 09:29:00AM -0400, Carter Bullard wrote:
> Hey Andrew,
> All things are possible, but we may have to make a
> slight change. The problem is that your filter is
> being applied to the input as well as the output, and
> you are filtering out the results.
>
> This is done because of the way that ramon works,
> and is somewhat unavoidable for most uses of ramon.
> If you were to do this:
>
> ra -r argus.log -w - - net x.y.z/24 | ramon -M svc net/24
I get results, yes, but I'm not sure they're the ones I'm after.
I produce a total figure by going
ramon -w - -M TopN -M Net/24 -r argus.log - net x.y.z/24 | racount
I want to break that total down to say what it's composed of, so I go
ra -r argus.log -w - - net x.y.z/24 | ramon -M svc -M net/24
If I then go and total up the in and outs from the above command, it
doesn't match the totals from the top command.
Andrew
More information about the argus
mailing list