Manipulate stime and ltime with ra

CS Lee geek00l at gmail.com
Wed Oct 18 10:00:45 EDT 2006


Hey,

I suppose you mean that you only see the start time in each flow record, if
you want it to print in a very nice output where start time and last time
are printed together, and I suppose you want the duration of each flow since it
is useful as well, you can do this,

shell>ra -L0 -c \| -r honeynet-scan18.argus -nn -s +1ltime +2dur
StartTime|LastTime|Dur|Flgs|Proto|SrcAddr|Sport|Dir|DstAddr|Dport|SrcPkts|DstPkts|SrcBytes|DstBytes|State
17:33:23.616049|17:33:23.990888|0.374839||6|203.111.78.182|2657|->|172.16.1.103|111|2|1|140|78|CON

I use | as delimiter so that you can read the output easily, so you will see
that the LastTime and Duration come after StartTime. Hopefully that helps.

Cheers,

-- 
Best Regards,

CS Lee<geekooL[at]gmail.com>
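
Added example (not part of the original post): a small Python parser for the pipe-delimited ra output shown above, which checks that each record's Dur column agrees with LastTime minus StartTime. The function names are hypothetical, the sample is the record from the post, and the time-of-day format is assumed to be the one printed there.

```python
from datetime import datetime, timedelta

# Constructed sample: the header and record shown in the post, as printed by
# ra with -c '|' and -s +1ltime +2dur.
SAMPLE = """\
StartTime|LastTime|Dur|Flgs|Proto|SrcAddr|Sport|Dir|DstAddr|Dport|SrcPkts|DstPkts|SrcBytes|DstBytes|State
17:33:23.616049|17:33:23.990888|0.374839||6|203.111.78.182|2657|->|172.16.1.103|111|2|1|140|78|CON
"""

TIME_FMT = "%H:%M:%S.%f"  # assumption: the time-of-day format seen in the post


def parse_ra(text):
    """Parse pipe-delimited ra output (first line = column labels) into dicts."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split("|")
    flows = []
    for ln in lines[1:]:
        cols = ln.split("|")
        if len(cols) != len(header):
            raise ValueError(f"expected {len(header)} columns, got {len(cols)}: {ln!r}")
        flows.append(dict(zip(header, cols)))
    return flows


def span_seconds(flow):
    """LastTime - StartTime in seconds, from the two time-of-day columns."""
    start = datetime.strptime(flow["StartTime"], TIME_FMT)
    last = datetime.strptime(flow["LastTime"], TIME_FMT)
    if last < start:
        # No date in this format: a flow that crosses midnight wraps around.
        last += timedelta(days=1)
    return (last - start).total_seconds()


def dur_mismatches(flows, tolerance=1e-6):
    """Return flows whose Dur column disagrees with LastTime - StartTime."""
    return [f for f in flows
            if abs(span_seconds(f) - float(f["Dur"])) > tolerance]


if __name__ == "__main__":
    for f in parse_ra(SAMPLE):
        print(f["SrcAddr"], "->", f["DstAddr"], f["Dport"], f"{span_seconds(f):.6f}s")
```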