simple question

Rodney McKee rmckee at aconex.com
Wed May 6 01:52:07 EDT 2009 

Alexander, 

As Peter mentioned, the thing that I was missing was the recording of MAC addresses. 

ARGUS_GENERATE_MAC_DATA=yes 

Make sure this is enabled on the server otherwise its a more complex process. 


----- "Alexander Bochmann" <ab at lists.gxis.de> wrote: 
> Hi, 
> 
> ...on Thu, Apr 30, 2009 at 11:25:47PM -0400, Carter Bullard wrote: 
> 
> > I would suggest that you do this instead: 
> > rabins -M rmon -r 27.gz -M hard time 1h -m srcid smac -w - | \ 
> > ra -s stime srcid smac sbytes:20 dbytes:20 bytes:20 sload:20 
> > dload:20 load:20 - ether src host 00:15:60:0C:B5:6A 
> > The main difference, is that we have added "smac" to the aggregation. 
> > We need the second ra(), so we can select the record where the mac 
> > address is the source, which is the single record where the metrics 
> > represent the input and output values for the interface. 
> 
> I've been asking myself a similar question recently, coming 
> to the conclusion that I don't really understand how to make 
> argus work for me ;) ... CS Lee has been trying to help me 
> on the IRC channel a couple of days ago, but I'm still quite 
> lost... 
> 
> I, too, want to generate a simple graph representing "input" 
> and "output" traffic on an interface. My probe is on a mirror 
> port that monitors the inside interface of the gateway router. 
> 
> So I want to see packets / bytes "leaving" my local network 
> in one direction on the y axis of my graph and those "coming 
> in" on the other side. 
> 
> I'm rather certain the ragraph call I've been using is wrong 
> with that goal in mind because it's just: 
> 
> ragraph sbytes dbytes -m smac proto dport -M 1m -w if.png -r argus/2009/04/25/* 
> 
> With just that, ra cannot know what is "local" to my 
> network, so sbytes and dbytes is most probably not the same 
> as "in" and "out". 
> 
> I assume that I should be doing something with racluster, 
> but my brain is broken and/or I just can't get some of the 
> basic concepts. 
> 
> Alex. 
> 
> 

-- 













Rodney McKee 
Linux systems administrator 
	Aconex 
The easy way to save time and money on your project 

696 Bourke Street, Melbourne 
Tel: +61 3 9240 0200 Fax: +61 3 9240 0299 
Email: rmckee at aconex.com www.aconex.com 
This email and any attachments are intended solely for the addressee. The contents may be privileged, confidential and/or subject to copyright or other applicable law. 
No confidentiality or privilege is lost by an erroneous transmission. If you have received this e-mail in error, please let us know by reply e-mail and delete or destroy 
this mail and all copies. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. The sender takes no 
responsibility for the effect of this message upon the recipient's computer system. 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20090506/95d63d59/attachment.html>

More information about the argus mailing list