Anonymization of argus flow data

Jesper Skou Jensen jesper.skou.jensen at uni-c.dk
Tue Sep 3 09:34:22 EDT 2013


I can't say why ranonymize is taking that long, but it might be because 
there are many millions of sessions in your logfile?

You could try using rasplit on the file first and then analyzing the 
resulting split-files one by one.

Depending on how long a period that 125GB file covers, you could split 
it into e.g. days or hours. That way it should be much less taxing on 
cpu/memory/io usage.


Regards
Jesper


On 02-09-2013 20:20, Kaustubh Gadkari wrote:
> Hi,
>
> I have a set of argus flow data captured at our data capture vantage 
> point, and I want to anonymize the IP addresses (both source and 
> destination) fully, i.e. I want to replace both the addresses, using a 
> prefix preserving technique. I have tried using ranonymize, but it is 
> taking an extremely long time to anonymize the file (I started the 
> process a couple of months ago, on a ~125GB file, and the output file 
> size today is only ~30GB).
>
> Can anyone suggest the right way to go about anonymizing the data set 
> I have? Is ranonymize the right tool for the job?
>
> Thanks,
> Kaustubh
>
> -- 
> Kaustubh Gadkari
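
Added example (not part of the thread, and not ranonymize's own code): a generic prefix-preserving IPv4 mapping in the Crypto-PAn style, with HMAC-SHA256 swapped in as the keyed function, showing that split files anonymized one by one stay consistent with each other only when every run uses the same key. The function names, keys and flow tuples are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress


def anonymize_ipv4(addr: str, key: bytes) -> str:
    """Output bit i is input bit i XOR a keyed bit derived from input bits 0..i-1."""
    bits = int(ipaddress.IPv4Address(addr))
    out = 0
    for i in range(32):
        prefix = bits >> (32 - i)  # the i most significant bits (0 when i == 0)
        msg = bytes([i]) + prefix.to_bytes(4, "big")  # length-tagged prefix
        flip = hmac.new(key, msg, hashlib.sha256).digest()[0] & 1
        out = (out << 1) | (((bits >> (31 - i)) & 1) ^ flip)
    return str(ipaddress.IPv4Address(out))


def common_prefix_len(a: str, b: str) -> int:
    """Number of leading bits two IPv4 addresses share."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()


def anonymize_chunk(flows, key: bytes):
    """Anonymize the (source, destination) pair of every flow in one split file."""
    return [(anonymize_ipv4(s, key), anonymize_ipv4(d, key)) for s, d in flows]


# Constructed sample flows standing in for two per-day split files.
DAY1 = [("192.0.2.10", "198.51.100.5"), ("192.0.2.77", "203.0.113.9")]
DAY2 = [("192.0.2.10", "203.0.113.9")]

if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: one secret reused for every chunk
    day1, day2 = anonymize_chunk(DAY1, key), anonymize_chunk(DAY2, key)
    # Same host in different chunks maps to the same pseudonym.
    print("day1:", day1)
    print("day2:", day2)
    # Two hosts in the same /25 still share exactly 25 leading bits.
    print("shared prefix bits:", common_prefix_len(day1[0][0], day1[1][0]))
    # A different key per chunk breaks correlation between the split files.
    print("day2, other key:", anonymize_chunk(DAY2, b"another-key"))
```
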



