heartbleed patterns ?
mike tancsa
mike at sentex.ca
Thu Apr 10 21:11:23 EDT 2014
These options look better
# ra -L0 -N 30 -nr radium.2014.04.03.16.00
-spcr,sbytes,dbytes,sappbytes,dappbytes - tcp and port 993 and pkts gt
10 and srcid <host I am interested in>
PCRatio SrcBytes DstBytes SAppBytes DAppBytes
-0.564713 8200 17427 3718 13365
-0.323127 2438 3154 1238 2420
0.081633 6384 4596 2226 1890
0.748789 5352 2984 4692 674
-0.627924 7774 16846 2974 13012
-0.610738 2744 5972 1218 5040
-0.550795 4315 7347 1667 5755
-0.323609 3426 3939 1368 2677
-0.566158 4551 7813 1705 6155
0.073302 6215 4662 2189 1890
-0.510569 3463 5341 1343 4145
-0.745797 2412 5459 688 4725
-0.775878 2724 4648 472 3740
0.237192 1048 1128 652 402
-0.440237 2002 3094 946 2434
0.990593 355233 13419 337929 1597
0.090220 6183 4506 2157 1800
-0.229565 3090 3093 1230 1963
0.235040 6457 3760 5005 3100
-0.025942 3442 3086 1990 2096
-0.634990 5796 10204 1836 8224
0.081633 6384 4662 2226 1890
-0.392833 1888 2786 898 2060
-0.217314 3378 3381 1320 2053
-0.592405 4221 8511 1771 6919
-0.546398 2225 3225 699 2383
0.081633 6384 4596 2226 1890
-0.342771 2687 3029 1091 2229
-0.527645 3189 3232 739 2390
0.934990 28527 2300 26431 888

On 4/10/2014 9:04 PM, mike tancsa wrote:
> On 4/10/2014 8:47 PM, Jesse Bowling wrote:
>> Hi Mike,
>>
>> You would need to have this section in your argus.conf/command line in
>> order to be generating application byte metrics (which pcr is based on):
>>
>> # Argus can be configured to generate metrics that include
>> # the application byte counts as well as the packet count
>> # and byte counters.
>> #
>> # Commandline equivalent -A
>> #
>>
>> ARGUS_GENERATE_APPBYTE_METRIC=yes
>
> Thanks, I do have that on the particular server I am interested in. I
> collect it via radium, so hopefully that did not mess up the old
> historical records.
>
> ra -L0 -N 30 -nr radium.2014.04.03.16.00
> -spcr,spkts,dpkts,dbytes,sbytes,srcappbyte - tcp and port 993 and pkts
> gt 10 and host xxxx
> PCRatio SrcPkts DstPkts DstBytes SrcBytes
> -0.564713 82 75 17427 8200
> -0.323127 18 11 3154 2438
> 0.081633 63 41 4596 6384
> 0.748789 10 35 2984 5352
> -0.627924 87 71 16846 7774
> -0.610738 23 14 5972 2744
> -0.550795 40 24 7347 4315
> -0.323609 31 19 3939 3426
> -0.566158 43 25 7813 4551
> 0.073302 61 42 4662 6215
> -0.510569 32 18 5341 3463
> -0.745797 26 11 5459 2412
> -0.775878 34 14 4648 2724
> 0.237192 6 11 1128 1048
> -0.440237 16 10 3094 2002
> 0.990593 262 179 13419 355233
> 0.090220 61 41 4506 6183
> -0.229565 28 17 3093 3090
> 0.235040 22 10 3760 6457
> -0.025942 22 15 3086 3442
> -0.634990 60 30 10204 5796
> 0.081633 63 42 4662 6384
> -0.392833 15 11 2786 1888
> -0.217314 31 20 3381 3378
> -0.592405 37 24 8511 4221
> -0.546398 23 13 3225 2225
> 0.081633 63 41 4596 6384
> -0.342771 24 12 3029 2687
> -0.527645 37 13 3232 3189
> 0.934990 38 26 2300 28527
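
Added example, not part of the thread: a check that the PCRatio column can be recomputed from the application byte columns in the first table, assuming PCR = (SAppBytes - DAppBytes) / (SAppBytes + DAppBytes), which matches the rows printed above. The function names and the 0.9 cutoff for listing strongly one-directional flows are illustrative assumptions, not Argus defaults.

```python
# Rows copied from the first ra output in the post (a subset, for brevity).
SAMPLE = """\
PCRatio SrcBytes DstBytes SAppBytes DAppBytes
-0.564713 8200 17427 3718 13365
0.081633 6384 4596 2226 1890
0.990593 355233 13419 337929 1597
-0.775878 2724 4648 472 3740
0.934990 28527 2300 26431 888
"""


def pcr(sapp, dapp):
    """Producer/consumer ratio from application bytes; None if no payload."""
    total = sapp + dapp
    if total == 0:
        return None  # ratio is undefined when neither side sent payload
    return (sapp - dapp) / total


def parse_ra(text):
    """Parse whitespace-separated ra output whose first line is the header."""
    lines = [ln.split() for ln in text.splitlines() if ln.strip()]
    header, rows = lines[0], lines[1:]
    flows = []
    for row in rows:
        if len(row) != len(header):
            continue  # skip truncated or malformed lines
        flows.append({h: (float(v) if h == "PCRatio" else int(v))
                      for h, v in zip(header, row)})
    return flows


def check_and_flag(flows, threshold=0.9, tol=1e-6):
    """Return (rows whose printed PCR disagrees, rows with |PCR| >= threshold)."""
    mismatches, flagged = [], []
    for f in flows:
        value = pcr(f["SAppBytes"], f["DAppBytes"])
        if value is None or abs(value - f["PCRatio"]) > tol:
            mismatches.append(f)  # appbyte metrics missing or inconsistent
        elif abs(value) >= threshold:  # threshold is an assumed cutoff
            flagged.append(f)
    return mismatches, flagged


if __name__ == "__main__":
    bad, heavy = check_and_flag(parse_ra(SAMPLE))
    print("inconsistent rows:", len(bad))
    for f in heavy:
        print("one-directional flow:", f)
```

A non-empty mismatch list is a sign that the records were written without application byte metrics (the `ARGUS_GENERATE_APPBYTE_METRIC=yes` setting quoted above).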