Cheat sheet premiere

Stéphane Peters stephane.peters at forem.be
Fri Mar 7 17:06:02 EST 2008


Hi Carter,

I would love to see such a sheet in the distribution,
and I was also hoping that you could check
whether those examples make sense or are appropriate.
So please go on!


Some cosmetic work could be done too;
for example, using everywhere some "standard" parameters like this one:
    file=argus-eth1.out
    ra -r $file
so it is easy to paste the line "as is",
without forgetting the shell escapes (\$srcid) like in:
    rasplit -S $argushost -M 1d -w /path/argus-\$srcid.%Y.%m.%d.log

By the way, as another example given to the list, here are 3 scripts I use.
The PATH variables give a nicer ps(1) output.

start-argus
> #!/bin/sh
> interf=eth1
> # bring the capture interface up if it is not already
> PATH=/sbin ifconfig $interf | grep UP || PATH=/sbin ifconfig $interf up
> # run argus daemonized on that interface, listening on port 561
> PATH=/usr/local/sbin argus -d -i $interf -e `hostname` -P 561 -U128 \
>   -mRS 30 -w argus-eth1.out

rotate
> #!/bin/sh
>
> # Rotates server log files, without affecting users who may be
> # connected to the server.
>
> # This can be run as a cron script
>
> DATE=`date +%Y-%m%d-%H%M`
> LOGS='argus-eth1.out'
>
> for i in $LOGS; do
>   if [ -f "$i" ]; then
>     mv "$i" "$i.$DATE"
>     gzip -9 "$i.$DATE"
>   fi
> done

rotate-daily
> #!/bin/sh
> ./rotate
> sleep 60 # sometimes the preceding command finishes too early
> echo ./rotate-daily | at 0000 > /tmp/rotate-daily.log

I use at(1) instead of cron(8) to cut the files closer to midnight,
but rastream(1)'s extended "-w" option seems promising.
A better solution could be to use argus(8) to preprocess the flows,
and rastream(1) to write, "rotate" and compress the files.
Another thread, perhaps.

Carter Bullard wrote :
> Hey Stephane,
> This is great!!!!  I'll put this in the distribution, if you don't 
> mind!!!!
> And I'll also go through it to make sure that any changes in the
> code actually don't break this, and I can add some of the ones
> that I do.
>
> So Russell is asking for a wiki, and we already have one at:
>
> http://www.vorant.com/nsmwiki/index.php?title=Argus
>
>
> Carter
>
> On Mar 7, 2008, at 2:24 PM, Stéphane Peters wrote:
>
>> Hi Stewart,
>>
>> I also think that a cheat sheet would be nice !
>> Here is a good occasion to show mine...
>>
>> Please note, most of the stuff has been collected right from this
>> argus list,
>> so hopefully you shouldn't have to browse all the (numerous) past messages.
>>
>> Any suggestions ?
>>
>> ------------------------------------------------------------------------
>> flow filtering on certain port range:
>>    ra -r file - dst port \( gt 1024 and lt 2048 \)
>> (...)
>> ------------------------------------------------------------------------
>>
>>
>> Stewart Gray wrote:
>>> awesome, that's more like what I was after :) Thanks for your help
>>> again.
>>>
>>> As I mentioned earlier, I reckon it'd be neat to have some sort of cheat
>>> sheet for doing common tasks. I bet there's lots of stuff you know that
>>> others don't, having written the application yourself. I don't know what
>>> I don't know!
>>
>> Regards,
>> -- 
>> Stephane.Peters at forem.be, Postmaster at forem.be
>

Regards,

-- 
Stephane.Peters at forem.be
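As an added example (not from Stéphane's mail or from the argus project), here is a POSIX sh rotation function in the spirit of the "rotate" script above, with the two things a practitioner would add before trusting it in cron: a target name that never overwrites an archive made earlier in the same minute, and a check that mv and gzip actually succeeded before moving on. The function names rotate_logs and demo_rotate, and the sample file contents, are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not the original poster's script: rotate argus output files
# safely. rotate_logs DIR FILE... renames each existing FILE in DIR to
# FILE.<stamp>[.N] and compresses it; it returns non-zero if any step fails.
rotate_logs() {
    dir=$1
    shift
    stamp=$(date +%Y-%m%d-%H%M)
    for name in "$@"; do
        src="$dir/$name"
        [ -f "$src" ] || continue        # nothing to rotate for this name
        dst="$src.$stamp"
        n=0
        # A second run within the same minute would clobber the first
        # archive; append a counter until the name is free.
        while [ -e "$dst" ] || [ -e "$dst.gz" ]; do
            n=$((n + 1))
            dst="$src.$stamp.$n"
        done
        mv "$src" "$dst" || return 1
        # argus keeps writing to the renamed inode until it reopens its -w
        # file, so only the renamed copy is compressed; the sensor recreates
        # a fresh argus-eth1.out on its own.
        gzip -9 "$dst" || return 1
    done
    return 0
}

# demo_rotate: rotate a constructed file twice in a scratch directory and
# print how many .gz archives resulted (2, because the second rotation in
# the same minute gets a ".1" suffix instead of overwriting the first).
demo_rotate() {
    tmp=$(mktemp -d) || return 1
    printf 'constructed sample argus data\n' > "$tmp/argus-eth1.out"
    rotate_logs "$tmp" argus-eth1.out || return 1
    printf 'second batch of constructed data\n' > "$tmp/argus-eth1.out"
    rotate_logs "$tmp" argus-eth1.out || return 1
    ls "$tmp"/*.gz | wc -l | tr -d ' '
    rm -rf "$tmp"
}
```

Run it as `rotate_logs /var/log/argus argus-eth1.out` from cron or from an at(1) job; because every path is quoted and the function returns non-zero on failure, a `|| logger -t rotate "argus rotation failed"` can be chained after the call.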
