racount updates?
carter at qosient.com
carter at qosient.com
Tue Oct 17 06:10:57 EDT 2006
Hey CS,
racluster is the preferred way to do this now:
racluster -m proto -r file
And use the -s option to build the output format style that your interested in. racount didn't have this flexibility.
'-s stime dur trans pkts bytes'
whatever. Racount has been modified to add other types of objects, such as address family counting, "-A" or is it "-a". I'll update the man page soon.
Sorry for any inconvenience.
Carter
Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax
-----Original Message-----
From: "CS Lee" <geek00l at gmail.com>
Date: Tue, 17 Oct 2006 13:58:39
To:argus-info at lists.andrew.cmu.edu
Subject: [ARGUS] racount updates?
Hey all,
I would like to use racount to generate the general overall statistic based on protocol, while in man page it says that racount -M proto will do the job, however for me it just doesn't work and it apparently sum up all the protocols and show the result of everything. Then I try to us the common method - filter expression,
racount -r data.argus - tcp
racount -r data.argus - icmp
racount -r data.argus - udp
It shows correctly which is what I want, I try to check on racount -h and apparently it doesn't show anything about -M either, thus I'm wondering any modes are supported by racount because it may confuse people who use it for the first time or do we need an update for the man page :)
Cheers all :)
--
Best Regards,
CS Lee<geekooL[at]gmail.com>
More information about the argus
mailing list