ratop to display foreign countries

Carter Bullard carter at qosient.com
Fri Oct 24 14:32:25 EDT 2014


Hey Monah,
Country codes are flow metadata, since the codes are not in the packets themselves. To process metadata, you have to label the flows with the codes you want to process. Ralabel.1 does this, as well as radium. These are the tools of choice, right now.

ra* programs can print the country codes, because the code is generated in the printing routines, but printing country codes doesn't insert the metadata into the records, so you have to label the data to do what you want.

If you are looking at flows from files, label the files with country codes using ralabel.1, then read the file with ratop. If you want to do this with streaming data, have radium() label the argus data stream with country codes as it collects the data. This will provide country codes for all your analytics.

If this doesn't do it for you ... send more email !!!!
Carter

> On Oct 24, 2014, at 8:51 AM, Monah Baki <monahbaki at gmail.com> wrote:
> 
> Hi all,
> 
> Is there a way in ratop to display only certain countries (China, Russia etc)?
> 
> 
> Thanks
> Monah