Security Log Management: Identifying Patterns in the Chaos

Argus (www.qosient.com/argus), another session-auditing tool, has two major components: the argus daemon and the ra* clients. argus is the sniffing (capture) daemon, and several clients can be used for reading and displaying the Argus data. The advantage of using Argus is that it maintains logs for TCP, UDP, and ICMP traffic over IP. Table 2.2 lists the Argus clients and their uses.
| Client Name | Description | Example Use |
|---|---|---|
| ra | Read Argus. This is the base client from which all the others are built. | `ra -r <argus_file> > human_read.txt` produces a space-formatted text file. |
| racount | Counts events from an Argus data stream. | `racount -ar <argus_file>` produces a summarized, protocol-sorted table. |
| ragator | Combines matching records in an Argus flow file. | `ragator -f <argus_file> -w newargus.file` produces a smaller, aggregated Argus data file. |
| ramon | Creates RMON2 reports. | `ramon -r <argus_file> -M TopN` (or `-M Matrix`) produces an RMON2-style table. |
| rasort | Produces sorted reports based on criteria fields. | `rasort -r <argus_file> -s` produces a table of the Argus records sorted by source IP. |
| raxml | Converts Argus data records into XML-formatted data. | `raxml -r <argus_file>` |
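To make concrete what racount, ragator and rasort compute, here is an added Python reduction of the three over ra's text output; it is not code from the book or the Argus project. It assumes ra was configured to print one whitespace-separated token per column in the order stime, flgs, proto, saddr, sport, dir, daddr, dport, pkts, bytes, state; the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample ra output, one token per column in the order of COLS;
# the real layout of ra's text output depends on its field configuration.
RA_OUTPUT = """\
StartTime Flgs Proto SrcAddr Sport Dir DstAddr Dport TotPkts TotBytes State
10:15:01.120023 e tcp 192.0.2.10 41234 -> 198.51.100.7 22 12 1880 CON
10:15:01.400511 e udp 192.0.2.10 53211 -> 198.51.100.53 53 2 190 CON
10:15:02.003300 e icmp 192.0.2.77 0 -> 198.51.100.7 0 4 392 ECO
10:15:02.910040 e tcp 192.0.2.10 41234 -> 198.51.100.7 22 30 5120 CON
10:15:03.551000 e tcp 192.0.2.77 51002 -> 198.51.100.80 80 9 1210 FIN
"""
COLS = ["stime", "flgs", "proto", "saddr", "sport", "dir",
        "daddr", "dport", "pkts", "bytes", "state"]

def parse_ra(text):
    """Turn ra text lines into dicts, skipping the header and short lines."""
    records = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) != len(COLS) or tok[0] == "StartTime":
            continue
        rec = dict(zip(COLS, tok))
        rec["pkts"], rec["bytes"] = int(rec["pkts"]), int(rec["bytes"])
        records.append(rec)
    return records

def racount(records):
    """racount-style summary: (flows, packets, bytes) per protocol."""
    totals = defaultdict(lambda: [0, 0, 0])
    for r in records:
        t = totals[r["proto"]]
        t[0], t[1], t[2] = t[0] + 1, t[1] + r["pkts"], t[2] + r["bytes"]
    return {p: tuple(v) for p, v in totals.items()}

def ragator(records):
    """ragator-style aggregation: merge records sharing a flow key."""
    merged = {}
    for r in records:
        key = (r["proto"], r["saddr"], r["sport"], r["daddr"], r["dport"])
        if key in merged:
            merged[key]["pkts"] += r["pkts"]
            merged[key]["bytes"] += r["bytes"]
        else:
            merged[key] = dict(r)  # copy so the input list is untouched
    return list(merged.values())

def rasort(records, field="saddr"):
    """rasort-style ordering by one field (source address by default)."""
    return sorted(records, key=lambda r: r[field])
```

Feeding real ra output through parse_ra only needs COLS to match the fields ra was told to print.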