Some Questions About Argus

Carter Bullard carter at qosient.com
Mon Dec 20 09:13:44 EST 2010


Hey Daniel,
There is no "text" option for argus().  The "-t" option of argus specifies that the packet input is in
a legacy packet format.  If you want to print out argus records as text, you use the ra* client programs.

The ith flow in a given Tth time period would be the job of rabins().  rabins() structures flow records
into time slots, or bins.  To print out the i[T], you would need to modify rabins() to print the rank, which
is implemented in ratop().  What constitutes ith (rate, load, time, etc....) would be the sort algorithm,
and that is currently supplied via configuration file, but it is not a well documented option.

If you need any help, don't hesitate to send email to the list.

Carter

On Dec 20, 2010, at 6:10 AM, Daniel Yahyazadeh wrote:

> Greetings,
>  
> We are researching malware detection and we want to use Argus in part of our framework, so we have some questions about Argus:
> 1- Why can't we open the .txt file that is generated by the Argus server with the -t <txt file path> option? (For example, we cannot open this file with the gedit program.)
> 2- If we want to generate flows in the form below, which part of the source code should be altered?
>  
> Flow i [T] = ith flow in Tth time period  
>  
> We would appreciate your support in this regard,
>  
> Yours sincerely,
>  
> Yahyazadeh
> 
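
The "Flow i[T]" labelling discussed in this thread, as an added stand-alone Python example that is not part of the original messages and is not Argus code: flows are grouped into fixed time bins and ranked within each bin by a chosen metric. The record layout, the metric names, the zero-based bin index and the rule of assigning a flow to the bin containing its start time are assumptions of this example; it does not reproduce the internals of rabins() or ratop().

```python
from collections import defaultdict

# Constructed sample flows: (flow_id, start_seconds, duration_seconds, total_bytes)
SAMPLE_FLOWS = [
    ("a", 0.5, 2.0, 4000),
    ("b", 3.0, 1.0, 9000),
    ("c", 4.9, 0.0, 120),
    ("d", 5.0, 4.0, 800),
    ("e", 7.2, 0.5, 6000),
    ("f", 12.0, 1.0, 50),
]

# What "ith" means is the sort choice; these three metrics are assumed names.
# Higher score ranks first, so "time" negates the start to put earliest first.
METRICS = {
    "time": lambda f: -f[1],
    "load": lambda f: f[3],
    # Zero-duration flows have no defined rate; score them 0.0 instead of dividing.
    "rate": lambda f: f[3] / f[2] if f[2] > 0 else 0.0,
}


def label_flows(flows, bin_size, metric="load"):
    """Return {T: [flow_id, ...]}; list position i-1 holds Flow i[T]."""
    if bin_size <= 0:
        raise ValueError("bin_size must be positive")
    score = METRICS[metric]
    bins = defaultdict(list)
    for f in flows:
        # Assumption: a flow belongs to the bin that contains its start time.
        bins[int(f[1] // bin_size)].append(f)
    ranked = {}
    for t in sorted(bins):
        # Ties are broken by start time, then id, so the ranking is deterministic.
        ordered = sorted(bins[t], key=lambda f: (-score(f), f[1], f[0]))
        ranked[t] = [f[0] for f in ordered]
    return ranked


def format_labels(ranked):
    """Render the ranking in the 'Flow i[T]' notation used in the question."""
    return [f"Flow {i}[{t}] = {fid}"
            for t, ids in ranked.items()
            for i, fid in enumerate(ids, 1)]


if __name__ == "__main__":
    print("\n".join(format_labels(label_flows(SAMPLE_FLOWS, 5, "load"))))
```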
