[ARGUS] Question about Traffic Accounting and Argus

Carter Bullard carter at qosient.com
Fri Apr 30 13:19:09 EDT 2004 

You should get the latest argus-clients programs.
ftp://qosient.com/dev/argus-2.0/argus-clients-2.0.6.tar.gz

Carter

-----Original Message-----
From: Rene Heinze [mailto:rhe at hup.de]
Sent: Friday, April 30, 2004 1:10 PM
To: Carter Bullard
Cc: argus-info at lists.andrew.cmu.edu
Subject: Re: [ARGUS] Question about Traffic Accounting and Argus

Hi Carter,

I can only use the Matrix or TopN Flag with "ramon -M". My version of
ramon (2.0.5) does not recognize "-M hostsrv". Maybe I´m doing something
wrong ?

René

Carter Bullard schrieb:
> Hey Rene,
>    Try this:
>       ramon -M hostsvc -N 25 -r /tmp/arguslos
>
> Carter
>
>
>
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Rene Heinze
> Sent: Wednesday, April 28, 2004 8:27 AM
> To: Russell Fulton; argus-info at lists.andrew.cmu.edu
> Subject: Re: [ARGUS] Question about Traffic Accounting and Argus
>
> Hi,
>
> sorry for the late answer to your mail. Thanks for the hint that I can
> use the "-c" flag. Works great.
> Now I see the total amount of traffic from each host in the network. But
>   I would like to see that traffic split up in the services used. I need
> to know if the traffic was p2p or http or ftp. Thats pretty important.
> Any ideas ?
>
> Thanks the support!
>
> René Heinze
>
> Russell Fulton schrieb:
>
>>On Fri, 2004-04-23 at 22:26, Rene Heinze wrote:
>>
>>
>>
>>>after that I played a bit with statistic funktions
>>>ramon -M TopN -N 25 -r /tmp/arguslos
>>>
>>>23 Apr 04 11:24:57     ip    194.77.59.20                 CON
>>>23 Apr 04 11:24:57     ip     google.de                 CON
>>>23 Apr 04 11:25:03     ip    194.77.59.25                 TIM
>>>23 Apr 04 11:29:05     ip    dict.leo.org                 CON
>>>23 Apr 04 11:29:52     ip    194.77.59.72                 TIM
>>>
>>>ramon -M Matrix -N 25 -r /tmp/arguslos
>>>
>>>23 Apr 04 11:30:12     ip    194.77.59.72              <->
>>>dict.leo.org              CON
>>>23 Apr 04 11:24:57     ip p508401f0.dip0.              <->
>>>194.77.59.36              CON
>>>
>>>Here I´m stucked. I do not know with what i should continue..
>>
>>
>>Ummm.... I'm not at all sure what the problem is.  If it is that you
>>want the traffic counts then add the -c flag to the ra* commands.
>>
>>
>
>
>
>

More information about the argus mailing list