Question about racluster()

Rafael Barbosa rrbarbosa at gmail.com
Mon Sep 20 08:52:04 EDT 2010


Thanks for the information. I am trying to visualize information from Argus
records, but for any picture to make sense I need to understand better what
is done during the aggregation. This info certainly helps.


> If you are curious, find a record that has a lot of status records, output
> them to a file, and then run racluster() against the file,
> modifying the flow key using the "-m fields" option, to see how it works.


Ok. I will try that.


> Argus has a lot of rules for reporting on flow activity.


Is this documented? If not, could you guide me to the part of the code where
these decisions are made?

Thanks,
Rafael Barbosa
http://www.vf.utwente.nl/~barbosarr/