racount

CS Lee geek00l at gmail.com
Mon Jan 28 14:49:46 EST 2008


Hi Mathew,

Can you tell me in more detail what kind of information you want? As far as
I know, you can craft them out with racluster, especially to generate
statistics.

Cheers ;]

On Jan 29, 2008 3:46 AM, Mathew Brown <mathewbrown at fastmail.fm> wrote:

> Hi CS,
>
>  Thanks.  However, it seems strange that the -a option was removed, so
>  you only get a one-line summary and not the details that you could get
>  from argus v2.x.  I think the 2.x version of racount provided more
>  information than the current 3.x version.
>
> On Tue, 29 Jan 2008 01:11:19 +0800, "CS Lee" <geek00l at gmail.com> said:
> > Hi Mathew,
> >
> > There's no -a option, simply use -
> >
> > racount -r whatever.argus3
> >
> > This will produce the result you need.
> >
> > Date: Sun, 27 Jan 2008 10:52:59 -0800
> > From: "Mathew Brown" <mathewbrown at fastmail.fm>
> > Subject: [ARGUS] racount and other commands won't run under
> >        argus-clients-3.0.0.rc.68
> > To: argus-info at lists.andrew.cmu.edu
> > Message-ID: <1201459980.14910.1233537409 at webmail.messagingengine.com>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > Hi,
> >
> >  I'm new to Argus and just recently compiled and installed argus and
> >  argus-clients on a Debian machine.  I'm able to run argus
> >  successfully:
> >
> >  argus -r capture.cap -w capture.cap.argus
> >
> >  works fine.  However, when I try to run any of the r-commands such as
> >  rahosts or racount, it gives me an error such as the following:
> >
> >   racount -ar capture.cap.argus
> >   racount[27189]: 20:51:15.185652 /etc/ra.conf: syntax error line 199
> >   racount   records     total_pkts     src_pkts       dst_pkts       total_bytes        src_bytes          dst_bytes
> >    sum   0           0              0              0              0                 0                  0
> >
> >  Looking into /etc/ra.conf on line 199, I see the following:
> >
> >  RA_PRINT_HOSTNAMES=no
> >
> >  Any ideas?  Thanks for your help.
> >
> > PS.  I'm currently using argus-3.0.0 and
> > argus-clients-3.0.0.rc.68.tar.gz
> > --
> >  Mathew Brown
> >  mathewbrown at fastmail.fm
> >
> >
> > --
> > Best Regards,
> >
> > CS Lee<geek00L[at]gmail.com>
> >
> > http://geek00l.blogspot.com
> --
>  Mathew Brown
>  mathewbrown at fastmail.fm
>
> --
> http://www.fastmail.fm - Same, same, but different…
>
>


-- 
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com