racluster, rmon and filters

Rafael Barbosa rrbarbosa at gmail.com
Wed Jun 15 04:33:47 EDT 2011


Hi all,

I am trying to generate statistics per source address with the option -M
rmon. However, I am interested only in the addresses from a specific network,
let's say 192.168.0.0/16. So I tried:
$ racluster -M rmon -m saddr -r flows.argus - 'ip and src net 192.168.0.0/16'

To my surprise I have many rows that are not from 192.16.0.0/16. However if
I run:
$ racluster -M rmon -m saddr -r flows.argus -w - | ra - 'ip and src net 192.168.0.0/16'
I seem to get the expected results.

Am I missing something?

Rafael Barbosa
http://www.vf.utwente.nl/~barbosarr/