oddities with ramon
Russell Fulton
r.fulton at auckland.ac.nz
Tue Apr 5 00:36:44 EDT 2005
Hi Harry,
On Tue, 2005-04-05 at 00:09 -0400, Harry Hoffman wrote:
> Hi All,
>
> Very new to both Argus and the list.
>
> I've read through quite a bit of the list archives, the manuals, etc.
> and cannot find the answer to what I'm looking for.
>
> I'm running Argus on one of my Internet facing links and using
> argusarchive to create hourly gzip'd archives in
> /dump/argus/YEAR/MONTH/DAY/FILENAME
>
>
> If I run the command:
> ramon -M TopN -N 10 -nnnr /dump/argus/argus.out
>
> then I get a list of 10 entries back

So you are saying that
ramon -M TopN -N 10 -nnnr /dump/argus/YEAR/MONTH/DAY/FILENAME
does something different?

Are you sure you aren't running ra instead of ramon? I've done things
like that in the past!

>
>
> However if I try this on one of the archived files, I get what seems to
> be all of the records in that file returned.
>
> Since ramon seems to have no trouble reading the gz archive I'm hoping
> someone can shed some light on this matter.
>
> Also, I feel like I'm barely touching the tip of the iceberg with my use
> of Argus. Are there any good write-ups of what others are doing?

Peter van Epp did a good write-up for USENIX a few years back...

Russell.