ratop to display foreign countries

Carter Bullard carter at qosient.com
Wed Oct 29 10:55:26 EDT 2014


Hey Monah,
Your clients should connect to radium, which should be connected to argus.
ratop connects to radium, which gets its data from argus.

Try this (notice the -P port changes and you don’t need to write to files):

sudo /usr/local/sbin/argus -m -U 256 -i eth1 -P 562 -d
sudo radium -S localhost:562 -P 561 -d -e `hostname`
ratop -S localhost:561 -s stime dur saddr sport daddr dport sco dco - co US

Carter

> On Oct 29, 2014, at 10:23 AM, Monah Baki <monahbaki at gmail.com> wrote:
> 
> Hi Carter,
> 
> This is what I have so far:
> 
> /etc/ralabel.conf
> RALABEL_ARIN_COUNTRY_CODES=yes
> RA_DELEGATED_IP="/usr/local/argus/delegated-ipv4-latest"
> 
> /etc/radium.conf
> RADIUM_CLASSIFIER_FILE=/etc/ralabel.conf
> 
> 
> Ran the following commands:
> sudo radium -S localhost:561 -d -e `hostname` -w /opt/radium.out
> sudo /usr/local/sbin/argus -m -w /opt/argus.out -U 256 -i eth1 -P 561 -d
> 
> I do get output from the below command:
> ratop -S localhost:561 -s stime sport dport sco dco
> 
> 
> However if I run:
> ratop -S localhost:561 -s stime sport dport sco dco - co US
> 
> 
> I get no output.
> 
> 
> Thanks
> Monah
> 
> 
> On Fri, Oct 24, 2014 at 2:32 PM, Carter Bullard <carter at qosient.com> wrote:
> Hey Monah,
> Country codes are flow metadata, since the codes are not in the packets themselves. To process metadata, you have to label the flows with the codes you want to process. Ralabel.1 does this, as well as radium. These are the tools of choice, right now.
> 
> ra* programs can print the country codes, because the code is generated in the printing routines, but printing country codes doesn't insert the metadata into the records, so you have to label the data to do what you want.
> 
> If you are looking at flows from files, label the files with country codes using ralabel.1, then read the file with ratop. If you want to do this with streaming data, have radium() label the argus data stream with country codes as it collects the data. This will provide country codes for all your analytics.
> 
> If this doesn't do it for you ... send more email !!!!
> Carter
> 
> > On Oct 24, 2014, at 8:51 AM, Monah Baki <monahbaki at gmail.com> wrote:
> >
> > Hi all,
> >
> > Is there a way in ratop to display only certain countries (China, Russia, etc.)?
> >
> >
> > Thanks
> > Monah
> 
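
The distinction drawn in the Oct 24 reply above (country codes computed at print time versus codes stored in the record as metadata), as an added Python model that is not part of the original thread and is not argus code. It assumes the delegated-ipv4 file uses the RIRs' pipe-separated statistics layout; the function names, sample ranges and flow records are constructed for illustration.

```python
import bisect
import ipaddress

# Constructed sample in the RIR "delegated" statistics format
# (registry|cc|type|start|count|date|status); not real allocation data.
DELEGATED = """\
2|arin|20141029|3|19700101|20141029|-0400
arin|*|ipv4|*|3|summary
arin|US|ipv4|192.0.2.0|256|20100101|assigned
apnic|CN|ipv4|198.51.100.0|128|20100101|allocated
ripencc|RU|ipv4|203.0.113.0|256|20100101|allocated
"""
# Constructed flow records; a dict stands in for an argus record.
FLOWS = [
    {"saddr": "192.0.2.10", "daddr": "198.51.100.5"},
    {"saddr": "203.0.113.7", "daddr": "198.51.100.200"},
    {"saddr": "10.0.0.1", "daddr": "192.0.2.99"},
]

def load_delegated(text):
    """Parse ipv4 records into a sorted list of (first, last, cc)."""
    ranges = []
    for line in text.splitlines():
        f = line.split("|")
        # Skip comments, the version header and the summary lines.
        if line.startswith("#") or len(f) < 7 or f[2] != "ipv4" or f[1] == "*":
            continue
        first = int(ipaddress.IPv4Address(f[3]))
        ranges.append((first, first + int(f[4]) - 1, f[1]))
    return sorted(ranges)

def country(ranges, addr):
    """Country code for addr, or None when no range covers it."""
    a = int(ipaddress.IPv4Address(addr))
    i = bisect.bisect_right(ranges, (a, float("inf"), "")) - 1
    return ranges[i][2] if i >= 0 and a <= ranges[i][1] else None

def show(flow, ranges):
    """Print-time lookup: codes are derived for display, record unchanged."""
    return (country(ranges, flow["saddr"]), country(ranges, flow["daddr"]))

def label(flow, ranges):
    """Labelling: return a copy that carries sco/dco as stored metadata."""
    return dict(flow, sco=country(ranges, flow["saddr"]),
                dco=country(ranges, flow["daddr"]))

def match_co(flows, cc):
    """Model of a "co CC" filter (assumed to match either side's stored code)."""
    return [f for f in flows if cc in (f.get("sco"), f.get("dco"))]
```

Filtering the unlabelled records returns nothing even though `show` can display their codes; filtering the output of `label` returns the flows with a US endpoint.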
