new rc.38 code available on the server
Robin Gruyters
r.gruyters at yirdis.nl
Thu Jan 25 03:51:37 EST 2007
uuuh, don't know what has changed since the last release (37), but my
output is completely f***ed up.
[...]
$ racluster -m saddr daddr dport -s saddr daddr dport sbytes dbytes -r sql.arg.bz2
SrcAddr DstAddr Dport SrcBytes DstBytes
2.0.4.10 4.0.5.10 28676799 26842218
3.0.5.10 4.0.5.10 3106821685 3393005959
4.0.5.10 5.0.5.10 60 66
4.0.5.10 5.0.5.10 300 330
4.0.5.10 5.0.5.10 1500 1650
5.0.5.10 4.0.5.10 80051933 97657330
[...]
Same goes for ra(1)
[...]
$ ra -nnr sql.arg.bz2 - 'ip'
StartTime Flgs Proto SrcAddr Sport Dir DstAddr Dport SrcPkts DstPkts SrcBytes DstBytes State
07-01-20 01:00:08.217335 6 5.0.5.10.50941 <?> 4.0.5.10.5432 10 8 2339 2805 CON
07-01-20 01:00:15.507527 6 5.0.5.10.50941 <?> 4.0.5.10.5432 14 12 2424 2890 CON
07-01-20 01:00:13.430267 6 3.0.5.10.59695 <?> 4.0.5.10.5432 4 4 797 1244 CON
[...]
Regards,
Robin Gruyters
Network and Security Engineer
Yirdis B.V.
I: http://yirdis.com
P: +31 (0)36 5300394
F: +31 (0)36 5489119
Quoting Carter Bullard <carter at qosient.com>:
> Gentle people,
> New code is on the server for testing.
>
> ftp://qosient.com/dev/argus-3.0
>
> This fixes most of the issues on the list. The things still left to
> implement are:
> management record content verification/printing/etc....
> extend netflow support to version 7, 8
>
> Hope all is most excellent, and thanks for all the efforts!!!
>
> Carter