ra -c delimeter and ragraph

Carter Bullard carter at qosient.com
Tue Jan 22 06:23:41 EST 2008


Hey CS Lee,
Is it "appbytes" that is missing?
Are "sappbytes" and "dappbytes" working?

Space is the default delimiter, which will give you default behavior. The '.' Is there by default to give you tcpdump() like output.

The test is:
   Is the delimiter ' '.
   Is the port just after the address.

Can you use a different delimiter or rearrange the columns?

Space is not usually good, as the date field can insert spaces, messing up the column count.  (Commas too but less likely) and multiple spaces generate interesting results.

Carter

Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax

-----Original Message-----
From: "CS Lee" <geek00l at gmail.com>

Date: Tue, 22 Jan 2008 12:54:31 
To:Argus <argus-info at lists.andrew.cmu.edu>
Subject: [ARGUS] ra -c delimeter and ragraph


Hi Carter,

Two question. I recall that you have added the appbytes as the metric that can be plotted using ragraph in previous version(my request) but when I tried it  out using latest ragraph, it doesn't seem to be valid metric that I can use. 

Another thing is when I print out the flow data with space as delimeter ra -c ' ', everything is fine except if I define -s saddr sport or daddr dport, it is not delimetered with a space but always delimetered with a dot for example - 

192.168.5.10.80

Thanks.

-- 
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com <http://geek00l.blogspot.com> 


More information about the argus mailing list