Top talkers on particular service

Carter Bullard carter at qosient.com
Mon Mar 3 22:47:59 EST 2008 

Hey Stewart,
You don't have to upgrade your argus, just the client programs.
The new clients can read argus-2.x data fine.

Carter





On Mar 3, 2008, at 7:42 PM, Stewart Gray wrote:

> I'm actually still running argus 2.0.6 on the machine in question, I
> guess I have to upgrade first to use racluster :)
>
> Thanks for the command, i'll give it a crack this evening.
>
> Cheers,
>
> Stewart
>
> -----Original Message-----
> From: Pablo J. Rebollo-Sosa [mailto:Pablo.Rebollo at ece.uprm.edu]
> Sent: Tuesday, 4 March 2008 10:08 a.m.
> To: Stewart Gray
> Cc: argus-info at lists.andrew.cmu.edu
> Subject: Re: [ARGUS] Top talkers on particular service
>
> Stew,
>
> You could try the following.
>
> racluster -r argus.* -M rmon -m saddr  -w - - port https | rasort -m
> bytes -w - | ra -N 20 -s saddr trans:10 sbytes:14 dbytes:14 bytes:14
>
> Best regards,
>
> Pablo J. Rebollo
>
> Stewart Gray wrote:
>> Hey Guys,
>>
>> A simply question im sure. How do you get a list of top talkers for a
>> particular service. In real terms, I'm seeing a large spike in https
>> traffic and I'd like to know who is generating the traffic. I've
>> played with 'ramon -M Matrix' but I'm only interested in the src
>> addresses initially. Once i've determine the top talker it'd be good
>> to drill it down to find what it's talking to.
>>
>> Have you considering putting an argus cheat sheet of sorts on your
> page?
>> It could cover a bunch of argus tool usage examples. It'd be useful
>> for these sorts of queries :)
>>
>> Thanks,
>>
>> Stew
>> ######################################################################
>> ###############
>> Important: This electronic message and attachments (if any) are
>> confidential and may be legally privileged. If you are not the
>> intended recipient do not copy, disclose or use the contents in any
>> way. Please let us know by return e-mail immediately and then destroy
> this message.
>> ######################################################################
>> ###############
> #####################################################################################
> Important: This electronic message and attachments (if any) are  
> confidential
> and may be legally privileged. If you are not the intended recipient  
> do not
> copy, disclose or use the contents in any way. Please let us know by  
> return
> e-mail immediately and then destroy this message.
> #####################################################################################
>

More information about the argus mailing list