Netflow question
Peter Van Epp
vanepp at sfu.ca
Fri Jan 18 16:42:08 EST 2008
On Fri, Jan 18, 2008 at 04:28:42PM -0500, Carter Bullard wrote:
> Hey Peter,
> If you can just grab the records with "ra -r pobox.netflow -w test.out
> - host 71.90.234.102 and port 1254"
> that should get me the data I need to see if I get the same behavior.
>
> This should give you the same results?
> "ra -r pobox.netflow -w - - host 71.90.234.102 and port 1254 |
> racluster -f racluster.conf"
>
> Carter
>
Yep, same output. test.out attached:
vanepp at sniffer1:/spare> ra3 -r pobox.netflow -w test.out - host 71.90.234.102 and port 1254
vanepp at sniffer1:/spare> ra3 -r test.out
08-01-11 11:38:58 e tcp 142.58.101.50.smtp ?> 71.90.234.102.de-noc 7 1035
08-01-11 11:38:59 e tcp 71.90.234.102.de-noc ?> 142.58.101.50.smtp 9 682
vanepp at sniffer1:/spare> ra3 -r pobox.netflow -w - - host 71.90.234.102 and port 1254 |racluster -f racluster.conf
08-01-11 11:38:58 e tcp 142.58.101.50.smtp ?> 71.90.234.102.de-noc 7 1035
08-01-11 11:38:59 e tcp 71.90.234.102.de-noc ?> 142.58.101.50.smtp 9 682
vanepp at sniffer1:/spare> ra3 -r test.out -w - - host 71.90.234.102 and port 1254 |racluster -f racluster.conf
08-01-11 11:38:58 e tcp 142.58.101.50.smtp ?> 71.90.234.102.de-noc 7 1035
08-01-11 11:38:59 e tcp 71.90.234.102.de-noc ?> 142.58.101.50.smtp 9 682
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test.out
Type: application/octet-stream
Size: 328 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20080118/7d721ce2/attachment.obj>