I must be going blind -- ramon?

carter at qosient.com carter at qosient.com
Sun Mar 4 13:47:22 EST 2007


Hey Scott,
The "-M svc" option may not be there, and if you don't get the output you expect, send mail!!!   You should be able to accomplish what you want with:

    racluster -M rmon -m proto sport -r file -w - - tcp or udp | ra -N  25 -s proto sport spkts dpkts sbytes dbytes

Carter

(The only issue is whether racluster sorts the way you want, pkts bytes whatever)



Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax  

-----Original Message-----
From: "Scott A. McIntyre" <scott at xs4all.net>
Date: Sat, 03 Mar 2007 12:35:55 
To:Argus <argus-info at lists.andrew.cmu.edu>
Subject: [ARGUS] I must be going blind -- ramon?

Hi,

I've been so busy using just the basic ra3 utilities that when I went to
invoke my previously beloved "ramon" to do a -M Svc I was surprised to
see it was no longer in my $path (other than the ra2 version).

Sadly, a recent email server migration for me meant that a lot of my
argus-info mail was vorped into the Ether and I can't see what the
previous discussion has been on this utility.

What is the current best way to get a report like:

ramon -nn -L0  -M svc -r filename - | head -25

Sorry for the braindeadedness of the question!

Scott





More information about the argus mailing list