Argus Freezes
Sunjeet Singh
sstattla at gmail.com
Mon Nov 15 12:42:21 EST 2010
Hi Carter, thanks for your response-
On 10-11-15 9:32 AM, Carter Bullard wrote:
>
> Try running with a "-S 60" or "-S 5", and then take the output and
> process it using racluster(), rabins() or rasqlinsert() to get your
> 1 status report per day. racluster() and rabins() do their aggregation
> in RAM. rasqlinsert() provides a mechanism for using the disk to
> aggregate very large numbers of flows.
>
But with a -S 60 or -S 5, don't I run the risk of having a single
connection split and shown as multiple connections by Argus, especially
in a DoS situation where the packets might arrive much slower than normal?
Thank you,
Sunjeet Singh