[ARGUS] Question about Traffic Accounting and Argus
Rene Heinze
rhe at hup.de
Fri Apr 30 13:10:05 EDT 2004
Hi Carter,
I can only use the Matrix or TopN Flag with "ramon -M". My version of
ramon (2.0.5) does not recognize "-M hostsrv". Maybe I´m doing something
wrong ?
René
Carter Bullard schrieb:
> Hey Rene,
> Try this:
> ramon -M hostsvc -N 25 -r /tmp/arguslos
>
> Carter
>
>
>
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Rene Heinze
> Sent: Wednesday, April 28, 2004 8:27 AM
> To: Russell Fulton; argus-info at lists.andrew.cmu.edu
> Subject: Re: [ARGUS] Question about Traffic Accounting and Argus
>
> Hi,
>
> sorry for the late answer to your mail. Thanks for the hint that I can
> use the "-c" flag. Works great.
> Now I see the total amount of traffic from each host in the network. But
> I would like to see that traffic split up in the services used. I need
> to know if the traffic was p2p or http or ftp. Thats pretty important.
> Any ideas ?
>
> Thanks the support!
>
> René Heinze
>
> Russell Fulton schrieb:
>
>>On Fri, 2004-04-23 at 22:26, Rene Heinze wrote:
>>
>>
>>
>>>after that I played a bit with statistic funktions
>>>ramon -M TopN -N 25 -r /tmp/arguslos
>>>
>>>23 Apr 04 11:24:57 ip 194.77.59.20 CON
>>>23 Apr 04 11:24:57 ip google.de CON
>>>23 Apr 04 11:25:03 ip 194.77.59.25 TIM
>>>23 Apr 04 11:29:05 ip dict.leo.org CON
>>>23 Apr 04 11:29:52 ip 194.77.59.72 TIM
>>>
>>>ramon -M Matrix -N 25 -r /tmp/arguslos
>>>
>>>23 Apr 04 11:30:12 ip 194.77.59.72 <->
>>>dict.leo.org CON
>>>23 Apr 04 11:24:57 ip p508401f0.dip0. <->
>>>194.77.59.36 CON
>>>
>>>Here I´m stucked. I do not know with what i should continue..
>>
>>
>>Ummm.... I'm not at all sure what the problem is. If it is that you
>>want the traffic counts then add the -c flag to the ra* commands.
>>
>>
>
>
>
>
More information about the argus
mailing list