Most efficient way to generate summary traffic report

[toddmichael]

Just started working with Argus after reading about it in Richard Bejtlich's
Tao of NSM book.  He's right - this tool is fantastic!  To get me started I
am running argus on a span port to gather everything I need.  At this point,
my plan is to let it run for about a week for the purpose of gathering some
statistics regarding Internet usage.  I have an Internet pipe that is used
for standard Internet usage and also for inter-office vpn connectivity.  I'm
trying to generate a report which shows the percentage of our Internet
traffic which is to/from:

office1
office2
datacenter1
datacenter2
all other

so I can report to management on how much is inter-office VPN vs all-other.
I know I can do this using racount with perl or shell, but it requires many
passes over the same file ( i.e. using filter of -t -24h net 192.168.x.x to
find out traffic to/from 192.168.x.x in the past 24 hours) which is quite
large and thus would be pretty inefficient.  Before going this route I'm
wondering if there's a way to gather this info in a more efficient way
(using 1 or 2 passes rather than 5+) using either racount or the numerous
other utilities.  I appreciate your guidance.

toddmichael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20070412/87b7fa7e/attachment.html>