heartbleed patterns ?
mike tancsa
mike at sentex.ca
Thu Apr 10 21:04:43 EDT 2014
On 4/10/2014 8:47 PM, Jesse Bowling wrote:
> Hi Mike,
>
> You would need to have this section in your argus.conf/command line in
> order to be generating application byte metrics (which pcr is based on):
>
> # Argus can be configured to generate metrics that include
> # the application byte counts as well as the packet count
> # and byte counters.
> #
> # Commandline equivalent -A
> #
>
> ARGUS_GENERATE_APPBYTE_METRIC=yes
Thanks, I do have that on the particular server I am interested in. I
collect it via radium, so hopefully that did not mess up the old
historical records.
ra -L0 -N 30 -nr radium.2014.04.03.16.00
-spcr,spkts,dpkts,dbytes,sbytes,srcappbyte - tcp and port 993 and pkts
gt 10 and host xxxx
PCRatio SrcPkts DstPkts DstBytes SrcBytes
-0.564713 82 75 17427 8200
-0.323127 18 11 3154 2438
0.081633 63 41 4596 6384
0.748789 10 35 2984 5352
-0.627924 87 71 16846 7774
-0.610738 23 14 5972 2744
-0.550795 40 24 7347 4315
-0.323609 31 19 3939 3426
-0.566158 43 25 7813 4551
0.073302 61 42 4662 6215
-0.510569 32 18 5341 3463
-0.745797 26 11 5459 2412
-0.775878 34 14 4648 2724
0.237192 6 11 1128 1048
-0.440237 16 10 3094 2002
0.990593 262 179 13419 355233
0.090220 61 41 4506 6183
-0.229565 28 17 3093 3090
0.235040 22 10 3760 6457
-0.025942 22 15 3086 3442
-0.634990 60 30 10204 5796
0.081633 63 42 4662 6384
-0.392833 15 11 2786 1888
-0.217314 31 20 3381 3378
-0.592405 37 24 8511 4221
-0.546398 23 13 3225 2225
0.081633 63 41 4596 6384
-0.342771 24 12 3029 2687
-0.527645 37 13 3232 3189
0.934990 38 26 2300 28527
More information about the argus
mailing list