Real time capture of argus data.
Peter Van Epp
vanepp at sfu.ca
Thu Jan 17 11:17:57 EST 2008
On Thu, Jan 17, 2008 at 06:04:15AM +0000, Robert Leyba wrote:
> Hi Peter...thanks for this.....I was not getting any text output.
>
> did you mean something like ra -r outfile.out| ra -w -
>
> The screen was just sitting there....as though waiting for some other
> parameter....
>
> Basically....the outcome I am expecting is like a tcpdump output...where the
> captured packets are being displayed on the fly.
>
> thanks again.
>
Shouldn't answer before coffee :-). For real time output you need
an argus sensor running argus writing to a socket as in:

    argus -Jd -P 560 -i eth0 -i eth1

on one machine (this is best on all but quite slow links anyway for packet
loss issues) and ra on another machine that is reading from the socket:

    ra -S ip_of_argus_machine:560 -n

(my usual case is ra -S ip_of_argus_machine:560 -n -w argus.out to produce
an archive file). Without the -w this will write textual ra data to stdout
(and can be piped to whatever you like such as a perl program) in real time
which is I think what you wanted in the first place :-). To put it into
another argus client program then you would need the -w - to convert the
output from text to argus records.

Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
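
Added example, not part of the original message: a small program of the kind the reply says the textual ra stream can be piped into, flagging a source address the moment it has touched several distinct destination/port pairs. It assumes each input line has already been reduced to three whitespace-separated columns (source address, destination address, destination port); that layout, the function name and the sample lines are constructed for illustration and are not ra's default output.

```python
#!/usr/bin/env python3
"""Streaming consumer for textual ra output arriving on stdin (added example)."""
import sys
from collections import defaultdict

# Constructed sample lines in the ASSUMED layout "saddr daddr dport".
SAMPLE = [
    "SrcAddr DstAddr Dport",          # header line, must be skipped
    "192.0.2.10 198.51.100.5 22",
    "192.0.2.10 198.51.100.5 23",
    "192.0.2.77 198.51.100.9 443",
    "192.0.2.10 198.51.100.5 22",     # repeat, not a new target
    "garbled",                        # short line, skipped
    "192.0.2.10 198.51.100.6 80",
]


def fanout_alerts(lines, threshold=3):
    """Yield (saddr, count) as soon as a source reaches `threshold` distinct
    (daddr, dport) targets. Accepts any iterable of lines, so it processes a
    live pipe record by record instead of waiting for end of input."""
    targets = defaultdict(set)   # saddr -> set of (daddr, dport) seen so far
    alerted = set()              # sources already reported, to alert only once
    for line in lines:
        fields = line.split()
        if len(fields) != 3 or not fields[2].isdigit():
            continue             # header, blank or malformed line
        saddr, daddr, dport = fields
        targets[saddr].add((daddr, int(dport)))
        if len(targets[saddr]) >= threshold and saddr not in alerted:
            alerted.add(saddr)
            yield saddr, len(targets[saddr])


if __name__ == "__main__":
    # Live use: pipe the output of the ra command from the message into this
    # script's stdin; flush each alert so it shows up immediately.
    for saddr, count in fanout_alerts(sys.stdin):
        print(f"{saddr} reached {count} distinct targets", flush=True)
```

The per-source sets grow for as long as the pipe stays open, so a long-running consumer would need to expire old entries.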