Argus processing multiple pcap files at once
Nick Diel
nick at engineerity.com
Thu Jul 9 15:42:51 EDT 2009
Carter,
I have hundreds of files a day (doing processing at the end of the day).
Was hoping that Argus was going to be like ra* and handle many files.
Though I now understand why Argus is different.
Perhaps I will throw together a little cat like script that would discard
all but the first pcap file header and stream them through stdin/out. Do
you see any problems with this from Argus' point of view?
Nick
On Thu, Jul 9, 2009 at 1:32 PM, Carter Bullard <carter at qosient.com> wrote:
> Hey Nick,
> Files and interfaces are handled in the same way in argus(), so there is a
> limit because
> handling a bunch of interfaces at line rate is going to have a limit. 5
> seemed like a good
> number, but its completely arbitrary.
>
> How many files do you want to process at a time?
>
> Carter
>
>
> On Jul 9, 2009, at 3:28 PM, Nick Diel wrote:
>
> Carter,
>>
>> I believe you turned on the abilitiy to process mutlitple pcap files in
>> Argus for me a while back. Is there any reason why there is a limit of 5
>> files at a time?
>>
>> Nick
>>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20090709/863dd477/attachment.html>
More information about the argus
mailing list