Real time capture of argus data.

Peter Van Epp vanepp at sfu.ca
Thu Jan 17 11:00:47 EST 2008


On Thu, Jan 17, 2008 at 06:04:15AM +0000, Robert Leyba wrote:
> Hi Peter...thanks for this.....I was not getting any text output.
> 
> did you mean something like ra -r outfile.out| ra -w - 
> 
> The screen was just sitting there....as though waiting for some other 
> parameter....
> 
> Basically....the outcome I am expecting is like a tcpdump output...where the 
> captured packets are being displayed on the fly.
> 
> thanks again.
> 

I may have misunderstood what you were asking. The -w - command
will pipe the ra output to stdout so a pipe will work as in

ra -r outfile.out -w - | racluster 

If you aren't seeing any output from an ra command (and assuming this is argus
3.0) you may have an outdated clients install. One of the recent rcs had
an initialization problem where by default no output was generated. If
the ra -r outfile isn't giving you any text try

ra -r outfile -s stime flgs proto saddr sport dir daddr dport pkts bytes state

If that prints when it doesn't without it, you need to get the latest clients
code (currently argus-clients-3.0.0.rc.68 I think).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada
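The diagnosis above (no default text output, but output with an explicit -s field list, points at the rc initialization bug) as a small added check script; this is not from the thread or the argus project, and it assumes `ra` is on PATH (the RA variable exists only so the command can be swapped out):

```shell
#!/bin/sh
# Added example: classify an argus client's text output for one argus file.
# Prints "default" if plain `ra -r FILE` yields records, "fields-only" if
# records appear only with the explicit -s field list from the reply above
# (the symptom of the outdated-clients bug), or "none" if neither works.
# Exit status is 0 for the first two cases and 1 for "none".
RA="${RA:-ra}"   # command to run; overridable for testing (assumption)

ra_check() {
  _file="$1"
  # ra's own stderr is suppressed so only record text is inspected
  if [ -n "$("$RA" -r "$_file" 2>/dev/null | head -n 1)" ]; then
    echo "default"
    return 0
  fi
  if [ -n "$("$RA" -r "$_file" -s stime flgs proto saddr sport dir daddr dport pkts bytes state 2>/dev/null | head -n 1)" ]; then
    echo "fields-only"   # default output broken, explicit fields work: update clients
    return 0
  fi
  echo "none"
  return 1
}

# usage: ra_check outfile.out
```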
