ramon question

Wed Oct 25 16:42:42 EDT 2006

Hello List,
With Argus 2.0.6, I was using this command line to get Top Talkers & Listeners:

#> ra -n -u -w - -r /var/log/argus/argus.out | ramon -n -u -M Matrix
Which would display something like:Time SourceIP DestIP Spkts Dpkts Sbytes Dbytes (e.g.)1161806363      10.5.192.250        10.5.29.71 214      214       19260        192601161806384        10.5.29.71        10.5.29.65 31       31        1302         1860Now, It has been replaced by racluster. Which is much more flexible. But I still can't figure out how to display the informations the same way. I tried this:racluster -M rmon -m saddr daddr -r /var/log/argus/argus.out -w - - ip | rasort -m bytes -s ltime saddr daddr spkts dpkts sbytes dbytes | head -n 1010-25-06 20:30:20.235473       10.6.104.192        10.6.110.73    81041    73984     32471550     1164883510-25-06 20:30:20.235473        10.6.110.73       10.6.104.192    73984    81041     11648835     3247155010-25-06 20:35:50.308809       10.6.104.200       10.6.110.133    12142    16005      5253886     1685533810-25-06 20:35:50.308809       10.6.110.133       10.6.104.200    16005    12142     16855338      5253886But every line is duplicated (not exactly but display redundant informations) since racluster gives me both directions flows. Is there any workaround ?Any help is welcomed.Real Melanson.

____________________________
Réal Melançon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20061025/11c6eda2/attachment.html>