Most efficient way to generate summary traffic report
Michael Hornung
hornung at cac.washington.edu
Thu Apr 12 16:16:36 EDT 2007
Perhaps run the ra* clients once to pull out the details you want for each
host/network you care about, then later post-process that tab-delimited
plaintext to your heart's content.
-Mike
On Thu, 12 Apr 2007 at 13:03, toddmichael wrote:
|Just started working with Argus after reading about it in Richard Bejtlich's
|Tao of NSM book. He's right - this tool is fantastic! To get me started I
|am running argus on a span port to gather everything I need. At this point,
|my plan is to let it run for about a week for the purpose of gathering some
|statistics regarding Internet usage. I have an Internet pipe that is used
|for standard Internet usage and also for inter-office VPN connectivity. I'm
|trying to generate a report which shows the percentage of our Internet
|traffic which is to/from:
|
|office1
|office2
|datacenter1
|datacenter2
|all other
|
|so I can report to management on how much is inter-office VPN vs all-other.
|I know I can do this using racount with perl or shell, but it requires many
|passes over the same file (i.e. using filter of -t -24h net 192.168.x.x to
|find out traffic to/from 192.168.x.x in the past 24 hours) which is quite
|large and thus would be pretty inefficient. Before going this route I'm
|wondering if there's a way to gather this info in a more efficient way
|(using 1 or 2 passes rather than 5+) using either racount or the numerous
|other utilities. I appreciate your guidance.
|
|toddmichael
|
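
Added example, not part of the original thread: one way to do the post-processing step suggested above in a single pass over the ra output. It assumes ra was asked to print three tab-delimited columns (source address, destination address, total bytes); the site prefixes and sample rows are constructed placeholders.

```python
import ipaddress

# Constructed site prefixes (assumption): replace with the real office/datacenter networks.
SITES = {
    "office1": ipaddress.ip_network("192.168.10.0/24"),
    "office2": ipaddress.ip_network("192.168.20.0/24"),
    "datacenter1": ipaddress.ip_network("10.50.0.0/16"),
    "datacenter2": ipaddress.ip_network("10.60.0.0/16"),
}
OTHER = "all other"

# Constructed sample of the assumed "saddr<TAB>daddr<TAB>bytes" layout, header row included.
SAMPLE = [
    "SrcAddr\tDstAddr\tTotBytes",
    "192.168.1.5\t192.168.10.20\t4000",
    "192.168.20.7\t192.168.1.5\t1000",
    "192.168.1.9\t10.50.3.3\t2500",
    "192.168.1.9\t203.0.113.80\t2000",
    "00:11:22:33:44:55\tff:ff:ff:ff:ff:ff\t500",
]

def site_of(addr):
    """Return the name of the site whose prefix contains addr, else None."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:  # non-IP flows (e.g. MAC addresses) match no site
        return None
    return next((name for name, net in SITES.items() if ip in net), None)

def summarize(lines):
    """Single pass: return (bytes per site, percent per site, skipped rows)."""
    totals = dict.fromkeys([*SITES, OTHER], 0)
    skipped = 0
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 3 or not fields[2].strip().isdigit():
            skipped += 1  # header row, blank line or truncated record
            continue
        # A flow belongs to the first listed site that either endpoint falls in.
        site = site_of(fields[0]) or site_of(fields[1]) or OTHER
        totals[site] += int(fields[2])
    grand = sum(totals.values())
    pct = {k: round(100.0 * v / grand, 1) if grand else 0.0 for k, v in totals.items()}
    return totals, pct, skipped

if __name__ == "__main__":
    totals, pct, skipped = summarize(SAMPLE)  # or pass sys.stdin to read ra output
    for name in totals:
        print(f"{name:12s} {totals[name]:>12d} bytes {pct[name]:5.1f}%")
```

Because every record is classified as it streams past, the large Argus file is read once by ra and once by this script, regardless of how many sites are in the map.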