grouping incoming http requests by subnet?
James A. Robinson
jim.robinson at gmail.com
Wed Jan 30 20:12:40 EST 2013
Hi folks,
I'm just starting to use argus, and I'd like to ask if the following
is on the right track for generating reports on incoming HTTP requests
by ip address network.
We deal with crawlers from the big indexers, and would like a way to
start generating summaries of the count of incoming requests by
network.
Is something like the following on the right track?
argus -r <datasource> -w - | ra -w - tcp port 80 | racluster -M rmon
-m saddr/24 - ip
My intent was to filter by traffic to port 80, and to group it by the
class C network for each IP.
Jim
More information about the argus
mailing list