racount
Mathew Brown
mathewbrown at fastmail.fm
Mon Jan 28 15:00:20 EST 2008
Hi CS,
Nothing in particular. As I mentioned in a previous post, I'm still
new at Argus (compiled it for the first time yesterday) so I just
compared it with argus 2.x which I also started using 2 days ago or
so. By the way, if you're the author of http://geek00l.blogspot.com/
I love your blog :) Finally, as most information and tutorials on the
net cover Argus 2.x, there aren't many examples of Argus 3.x. It
would be great if a "Argus 3.x Recipes section" could be added to the
main page of http://qosient.com/argus/ with examples of different
scenarios and depending on the scenario and objective, you would run
various ra* commands. Experienced users can then provide newbies like
myself with direction on how to approach different scenarios and the
power of using argus and the ra* commands in comparison with any other
alternative. Thanks again.
On Tue, 29 Jan 2008 03:49:46 +0800, "CS Lee" <geek00l at gmail.com> said:
> Hi Matthew,
>
> Can you tell me in more detail what kind of information you want, as far
> as
> I know you can craft them out with racluster especially to generate
> statistics.
>
> Cheers ;]
>
> On Jan 29, 2008 3:46 AM, Mathew Brown <mathewbrown at fastmail.fm> wrote:
>
> > Hi CS,
> >
> > Thanks. However, it seems strange that the -a option was removed, so
> > you only get a one-line summary and not the details that you could get
> > from argus v2.x I think the 2.x version of racount provided more
> > information than the current 3.x version.
> >
> > On Tue, 29 Jan 2008 01:11:19 +0800, "CS Lee" <geek00l at gmail.com> said:
> > > Hi Matthew,
> > >
> > > There's no -a option, simply use -
> > >
> > > racount -r whatever.argus3
> > >
> > > This will produce result you need.
> > >
> > > Date: Sun, 27 Jan 2008 10:52:59 -0800
> > > From: "Mathew Brown" <mathewbrown at fastmail.fm>
> > > Subject: [ARGUS] racount and other commands won't run under
> > > argus-clients-3.0.0.rc.68
> > > To: argus-info at lists.andrew.cmu.edu
> > > Message-ID: <1201459980.14910.1233537409 at webmail.messagingengine.com>
> > > Content-Type: text/plain; charset="iso-8859-1"
> > >
> > > Hi,
> > >
> > > I'm new to Argus and just recently compiled and installed argus and
> > > argus-clients on a Debian machine. I'm able to run argus
> > > successfully:
> > >
> > > argus -r capture.cap -w capture.cap.argus
> > >
> > > works fine. However, when I try to run any of the r-commands such as
> > > rahosts or racount, it gives me the following error such as:
> > >
> > > racount -ar capture.cap.argus
> > > racount[27189]: 20:51:15.185652 /etc/ra.conf: syntax error line 199
> > > racount records total_pkts src_pkts dst_pkts
> > > total_bytes src_bytes dst_bytes
> > > sum 0 0 0 0 0
> > > 0 0
> > >
> > > Looking into /etc/ra.conf on line 199, I see the following:
> > >
> > > RA_PRINT_HOSTNAMES=no
> > >
> > > Any ideas? Thanks for your help.
> > >
> > > PS. I'm currently using argus-3.0.0 and
> > > argus-clients-3.0.0.rc.68.tar.gz
> > > --
> > > Mathew Brown
> > > mathewbrown at fastmail.fm
> > >
> > >
> > > --
> > > Best Regards,
> > >
> > > CS Lee<geek00L[at]gmail.com>
> > >
> > > http://geek00l.blogspot.com
> > --
> > Mathew Brown
> > mathewbrown at fastmail.fm
> >
> > --
> > http://www.fastmail.fm - Same, same, but different…
> >
> >
>
>
> --
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>
>
> http://geek00l.blogspot.com
--
Mathew Brown
mathewbrown at fastmail.fm
--
http://www.fastmail.fm - Same, same, but different
More information about the argus
mailing list