ratop to display foreign countries

Monah Baki monahbaki at gmail.com
Wed Oct 29 10:23:00 EDT 2014


Hi Carter,

This is what I have so far:

/etc/ralabel.conf
RALABEL_ARIN_COUNTRY_CODES=yes
RA_DELEGATED_IP="/usr/local/argus/delegated-ipv4-latest"

/etc/radium.conf
RADIUM_CLASSIFIER_FILE=/etc/ralabel.conf


Ran the following commands:
sudo radium -S localhost:561 -d -e `hostname` -w /opt/radium.out
sudo /usr/local/sbin/argus -m -w /opt/argus.out -U 256 -i eth1 -P 561 -d

I do get output from the below command:
ratop -S localhost:561 -s stime sport dport sco dco


However if I run:
ratop -S localhost:561 -s stime sport dport sco dco - co US


I get no output.


Thanks
Monah


On Fri, Oct 24, 2014 at 2:32 PM, Carter Bullard <carter at qosient.com> wrote:

> Hey Monah,
> Country codes are flow metadata, since the codes are not in the packets
> themselves. To process metadata, you have to label the flows with the codes
> you want to process.  Ralabel.1 does this, as well as radium.  These are
> the tools of choice, right now.
>
> ra* programs can print the country codes, because the code is
> generated in the printing routines, but printing country codes doesn't
> insert the metadata into the records, so you have to label the data to do
> what you want.
>
> If you are looking at flows from files, label the files with country codes
> using ralabel.1, then read the file with ratop.   If you want to do this
> with streaming data, have radium() label the argus data stream with country
> codes as it collects the data.  This will provide country codes for all
> your analytics.
>
> If this doesn't do it for you ... send more email !!!!
> Carter
>
> > On Oct 24, 2014, at 8:51 AM, Monah Baki <monahbaki at gmail.com> wrote:
> >
> > Hi all,
> >
> > Is there a way in ratop to display only certain countries (China, Russia
> etc)
> >
> >
> > Thanks
> > Monah
>
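
The labelling step described in the quoted reply, as an added example that is not part of the thread and is not argus code: it models the idea only, not how ralabel or radium implement it. The delegated-file lines and flow records are constructed samples in the RIR "delegated" statistics format; the function names are hypothetical.

```python
import ipaddress
from bisect import bisect_right

# Constructed sample, RIR delegated format: registry|cc|type|start|count|date|status
DELEGATED_SAMPLE = """\
arin|US|ipv4|192.0.2.0|256|20100101|assigned
apnic|CN|ipv4|198.51.100.0|256|20100101|allocated
ripencc|RU|ipv4|203.0.113.0|128|20100101|allocated
arin|US|ipv6|2001:db8::|32|20100101|allocated
"""

# Constructed flow records; note they carry no country fields yet.
FLOWS = [
    {"saddr": "192.0.2.10", "daddr": "198.51.100.7", "dport": 443},
    {"saddr": "203.0.113.5", "daddr": "192.0.2.20", "dport": 22},
    {"saddr": "203.0.113.200", "daddr": "198.51.100.9", "dport": 80},
]

def load_delegated(text):
    """Return sorted (first_addr, last_addr, country_code) tuples for IPv4 records."""
    ranges = []
    for line in text.splitlines():
        fields = line.split("|")
        if len(fields) < 7 or fields[2] != "ipv4" or fields[1] in ("", "*"):
            continue  # comments, version header, summary lines, non-IPv4 records
        first = int(ipaddress.IPv4Address(fields[3]))
        ranges.append((first, first + int(fields[4]) - 1, fields[1]))
    return sorted(ranges)

def country_of(ranges, addr):
    """Look up the country code for one address, or None if no range covers it."""
    value = int(ipaddress.IPv4Address(addr))
    i = bisect_right(ranges, (value, float("inf"))) - 1
    if i >= 0 and ranges[i][0] <= value <= ranges[i][1]:
        return ranges[i][2]
    return None

def label_flows(flows, ranges):
    """Store sco/dco in each record: this is the metadata the labelling adds."""
    return [dict(f, sco=country_of(ranges, f["saddr"]),
                 dco=country_of(ranges, f["daddr"])) for f in flows]

def filter_country(flows, cc):
    """Match only on labels stored in the record; unlabeled records never match."""
    return [f for f in flows if cc in (f.get("sco"), f.get("dco"))]

if __name__ == "__main__":
    print(len(filter_country(FLOWS, "US")))  # filtering before labelling
    print(len(filter_country(label_flows(FLOWS, load_delegated(DELEGATED_SAMPLE)), "US")))
```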