racluster -M rmon: how to use it?
Wolfgang Barth
wob at swobspace.de
Wed Feb 21 13:58:33 EST 2007
Hi,
I have some problems understanding how racluster -M rmon (should) work. I
want to plot inbound/outbound traffic - not src/dst traffic.
I'm using something like this:
racluster -M rmon -r argus.log - \
srcid elibridge_dmz and src host 172.17.132.81 \
and dst host 172.17.130.2 and tcp dst port 80 and tcp src port 1415
The output is:
2007-02-21 08:15:27.658658 tcp 172.17.132.81.1415 -> 172.17.130.2.www \
9 13 1055 11936 FIN
2007-02-21 08:15:27.658658 tcp 172.17.130.2.www -> 172.17.132.81.1415 \
13 9 11936 1055 FIN
The flow is duplicated. Okay, if RMON works this way, how can I filter out
inbound and outbound traffic?
A simple 'ragraph bytes -M 10s -M rmon ...' shows a symmetric graph with
inbound = src+dst = outbound.
Is there a way to show what is coming in/going out related to the
interface?
Wolfgang
--
<wob (at) swobspace de> * http://www.swobspace.de