Anonymization of argus flow data
Carter Bullard
carter at qosient.com
Tue Sep 3 08:00:02 EDT 2013
Hmmmm,
There shouldn't be any performance issues with anonymizing a file, if your just
anonymizing the IP addresses. How many addresses are in the file?
What does your ranonymize.conf file look like? How much memory is it using?
ranonymize() can be a little complex O(nLogN + C), but it should be
in the same time frame as racount(). How long does it take for racount()
to read the file?
Just a rule of thumb. If a ra* program doesn't complete in a few minutes, you
should stop it and try to figure out if there is a memory problem or not.
Carter
On Sep 2, 2013, at 2:20 PM, Kaustubh Gadkari <kaustubh.gadkari at gmail.com> wrote:
> Hi,
>
> I have a set of argus flow data captured at our data capture vantage point, and I want to anonymize the IP addresses (both source and destination) fully i.e. I want to replace both the addresses, using a prefix preserving technique. I have tried using ranonymize, but it is taking an extremely long time to anonymize the file (I started the process a couple of months ago, on a ~125GB file, and the output file size today is only ~30GB).
>
> Can anyone suggest the right way to go about anonymizing the data set I have? Is ranonymize the right tool for the job?
>
> Thanks,
> Kaustubh
>
> --
> Kaustubh Gadkari
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130903/89db60f8/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6837 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130903/89db60f8/attachment.bin>
More information about the argus
mailing list