creating missing manpages for ra* clients

George Jones fooologist at gmail.com
Mon Sep 13 08:22:45 EDT 2010


Here's a documentation project if anybody's up for it: troll Carter's posts
on the list, look at the source code and at least stub out man pages for the
ra* tools that currently lack them, perhaps with hyperlinks back to
the relevant mailing list threads.

----George Jones

~/rebuild/argus-clients-3.0.3.17/bin> foreach i (ra*)
foreach? man $i > man/$i.man
foreach? end
No manual entry for raconvert
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for radark
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for radump
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for rafilteraddr
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for rahosts
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for ralabel
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for rapolicy
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for raports
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for raservices
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for rasql
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for rasqlinsert
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for rasqltimeindex
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for ratemplate
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for ratimerange
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for ratree
See 'man 7 undocumented' for help when manual pages are not available.
No manual entry for rauserdata
See 'man 7 undocumented' for help when manual pages are not available.

On Fri, Sep 10, 2010 at 9:02 AM, Mike Tancsa <mike at sentex.ca> wrote:

> At 03:16 PM 9/9/2010, carter at qosient.com wrote:
>
>> Hey Mark,
>> Take a look at the rahosts() perl script.  It will report on the number of
>> hosts, hosts attempt to access.  It is the simplest of tools to report simple
>> scanning behavior.
>>
>> radark() is also a good script for dealing with scan detection, but it is
>> trying to discover scanning at a very low level of activity, which is below
>> the thresholds you mention.  Maybe overkill.
>>
>
>
> Thanks Carter, these look like great tools! I noticed there is no man page
> for them?
>
>        ---Mike
>
>
>
>> Give these a try and send email if they were helpful at all, and if they
>> sucked for what you want to do.
>>
>> Carter
>> Sent from my Verizon Wireless BlackBerry
>>
>> -----Original Message-----
>> From: Mike Tancsa <mike at sentex.ca>
>> Sender: argus-info-bounces+carter=qosient.com at lists.andrew.cmu.edu
>> Date: Thu, 09 Sep 2010 10:14:22
>> To: <argus-info at lists.andrew.cmu.edu>
>> Subject: [ARGUS] looking for scanners and other "bad" activity
>>
>> Hi,
>>         I am hoping to use my argus data for some real time threat
>> analysis looking for hosts scanning inside my network either
>> individual hosts or ports on a host.  In general, the questions I
>> want to answer are like
>>
>>  What external IP addresses have hit > n hosts on port y in less than x hrs
>>
>> eg. what external IP addresses have hit port 3389 on more than 20
>> different IP addresses in the past 1hr
>>
>> I could do some scripting to interpret the text output, but was
>> hoping there would be some combo of racluster and other argus tools
>> to help me answer that question.
>>
>>         ---Mike
>>
>
>
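
The question quoted above (which external addresses have hit port 3389 on more than 20 different internal addresses within an hour) comes down to a sliding-window count of distinct destinations per source. The sketch below is an added example, not part of the original thread and not code from the argus project; the CSV column layout, the 10.0.0.0/24 internal network and every sample record are constructed assumptions.

```python
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def sample_flows():
    """Constructed records 'stime,saddr,daddr,dport' (assumed layout, not real traffic)."""
    t0, rows = datetime(2010, 9, 9, 10, 0, 0), []
    for i in range(1, 26):
        fast = (t0 + timedelta(seconds=5 * i)).isoformat()   # sweep finished in ~2 minutes
        slow = (t0 + timedelta(minutes=12 * i)).isoformat()  # same 25 hosts over 5 hours
        rows.append(f"{fast},203.0.113.5,10.0.0.{i},3389")
        rows.append(f"{slow},198.51.100.7,10.0.0.{i},3389")
        rows.append(f"{fast},10.0.0.99,10.0.0.{i},3389")     # internal source, ignored
    return "\n".join(rows)

def parse_flows(text):
    """Turn the CSV lines into (datetime, saddr, daddr, dport) tuples."""
    flows = []
    for line in text.strip().splitlines():
        stime, saddr, daddr, dport = line.strip().split(",")
        flows.append((datetime.fromisoformat(stime), ipaddress.ip_address(saddr),
                      ipaddress.ip_address(daddr), int(dport)))
    return flows

def find_scanners(flows, internal_net, port, min_hosts, window):
    """Return {external source: peak distinct internal hosts hit on port within window}."""
    net = ipaddress.ip_network(internal_net)
    by_src = defaultdict(list)
    for stime, saddr, daddr, dport in flows:
        if dport == port and saddr not in net and daddr in net:
            by_src[saddr].append((stime, daddr))
    hits = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e[0])
        in_window = Counter()  # destination -> flows currently inside the window
        left = peak = 0
        for stime, daddr in events:
            in_window[daddr] += 1
            while stime - events[left][0] >= window:  # expire flows a full window old
                old = events[left][1]
                in_window[old] -= 1
                if not in_window[old]:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak > min_hosts:  # "more than n hosts", as in the question
            hits[str(src)] = peak
    return hits
```

Calling `find_scanners(parse_flows(sample_flows()), "10.0.0.0/24", 3389, 20, timedelta(hours=1))` flags only 203.0.113.5; the slow source touches the same 25 hosts but never more than five inside any one hour, which is the low-rate case a fixed threshold misses.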