rabins, ragraph and aggregation of protocols
Jesper Skou Jensen
jesper.skou.jensen at uni-c.dk
Thu Feb 13 06:18:53 EST 2014
Wow, very elaborate answer.
Thank you very much Carter, as always you nail it.
--
Regards
Jesper
On 11-02-2014 18:47, Carter Bullard wrote:
> Hey Jesper,
> rabins() is a generic argus data aggregator, so it can be configured with
> a racluster() configuration file, using the -f option. When using the -f
> option, it should override any “-m fields” command line option you may be
> using, but better to not use the “-m fields” and the “-f racluster.conf”
> option to remove any confusion.
>
> With this as an example racluster.conf, and you can get away with just
> graphing the ip traffic, you should be able to get what you want:
>
> filter="tcp" model="srcid proto" status=0 idle=0
> filter="udp" model="srcid proto" status=0 idle=0
> filter="" model="srcid " status=0 idle=0
>
> With this you can use ragraph to graph the “ proto " object, and
> you’ll get tcp, udp and ip for the graph.
>
> ragraph sbytes dbytes proto -M time 1d -f racluster.conf …… - ip
>
More information about the argus
mailing list