racount -M proto not working
Carter Bullard
carter at qosient.com
Fri Jun 23 10:51:27 EDT 2006
Hey Robin,
No, its not there, probably won't be there, as I mentioned
in my previous email.
Try
racluster -m proto -r argus.file -s proto trans pkts spkts
dpkts bytes sbytes dbytes
Carter
On Jun 23, 2006, at 3:16 AM, Robin Gruyters wrote:
> Hello (again),
>
> I found this feature in the manual of racount:
>
> [...]
> racount -M proto -r argus.file
> racount records total_pkts src_pkts
> dst_pkts total_bytes src_bytes dst_bytes
> tcp 47 777
> 405 372 119782 66541
> 53241
> udp 135 180
> 137 43 35987 20466
> 15521
> icmp 18 47
> 40 7 3318 2814 504
> ip 50 50
> 50 0 3000 3000 0
> arp 29 58
> 29 29 3480 1740 1740
> sum 279 1246
> 719 527 177807 99425
> 78382
> [...]
>
> When I try this, it doesn't work
>
> [...]
> $ racount -M proto -r /data1/argus/archive/2006/06/23/argus.
> 2006.06.23.00.00.00.bz2
> racount records total_pkts src_pkts dst_pkts
> total_bytes src_bytes dst_bytes
> sum 36519 456513 455297 1216
> 517115093 515645026 1470067
> [...]
>
> Regards,
>
> Robin Gruyters
>
More information about the argus
mailing list