man argus (Formats) - IP Network Auditing Facility
NAME
argus - IP Network Auditing Facility
COPYRIGHT
Copyright (c) 2000-2004 QoSient. All rights reserved.
SYNOPSIS
#include <[argus_dir]/include/argus_def.h> #include <[argus_dir]/include/argus_out.h>
DESCRIPTION
The format of the argus(8) data stream is most succinctly described by the structures defined in the header files listed above. Because the stream is raw binary, a reader should validate each record's `length` header field against the bytes actually available (and against the size of the record body it selects) before interpreting the record body. The general format is as follows:
Argus File Format: Argus_Datum Initial_Management_Record Argus_Datum . . Argus_Datum Management_Statistics Argus_Datum . . where the individual data fields are defined as follows:
/*
 * Common header carried by every record in the argus data stream.
 * The fixed fields come first; the record body lives in ar_union and is
 * one of two shapes: mar (presumably the management record described
 * in the text above) or far (presumably a flow record) -- confirm the
 * selector semantics in argus_def.h.
 *
 * NOTE(review): this is a raw binary wire/file format.  A reader must
 * decide which union arm is valid (presumably from `type`) before
 * touching ar_union, and must verify that `length` -- an unsigned short,
 * so at most 65535 and entirely under the producer's control -- does not
 * exceed the bytes actually received and is large enough for the arm
 * about to be read.  The union is sized to its larger member, so a short
 * record overlaid on this struct is an out-of-bounds read.
 */
struct ArgusRecord {
    unsigned char  type;        /* record kind; presumably selects mar vs far */
    unsigned char  cause;
    unsigned short length;      /* record length as written by the producer; untrusted on read */
    unsigned int   status;
    unsigned int   argusid;
    unsigned int   seqNumber;
    union {
        struct ArgusMarStruct mar;   /* management-record body */
        struct ArgusFarStruct far;   /* flow-record body */
    } ar_union;
};
/*
 * Body of a management record (the "mar" arm of struct ArgusRecord).
 * Field meanings are suggested by the names only; consult argus_out.h
 * and the producer before relying on them.
 *
 * NOTE(review): the on-disk layout is whatever the *writer's* compiler
 * produced.  `struct timeval` is built from time_t/suseconds_t, whose
 * widths differ between 32- and 64-bit ABIs, and the unsigned long long
 * counters may force alignment padding after the preceding 4-byte
 * fields.  A reader on a different ABI therefore cannot simply overlay
 * this struct on the bytes; sizes must be validated, not assumed.
 */
struct ArgusMarStruct {
    struct timeval startime;            /* presumably when the producer started */
    struct timeval now;                 /* presumably when this record was emitted */
    unsigned char  major_version;
    unsigned char  minor_version;
    unsigned char  interfaceType;
    unsigned char  interfaceStatus;
    unsigned short reportInterval;
    unsigned short argusMrInterval;
    unsigned int   argusid;
    unsigned int   localnet;
    unsigned int   netmask;
    unsigned int   nextMrSequenceNum;
    unsigned long long pktsRcvd;        /* 64-bit counters; padding may precede this field on 8-byte-aligned ABIs */
    unsigned long long bytesRcvd;
    unsigned int   pktsDrop;
    unsigned int   flows;
    unsigned int   flowsClosed;
    unsigned int   actIPcons,   cloIPcons;    /* active/closed counter pairs, per the names */
    unsigned int   actICMPcons, cloICMPcons;
    unsigned int   actIGMPcons, cloIGMPcons;
    unsigned int   actFRAGcons, cloFRAGcons;
    unsigned int   actSECcons,  cloSECcons;
    int            record_len;          /* signed: reject negative values before using it as a size */
};
/*
 * Body of a flow record (the "far" arm of struct ArgusRecord): a
 * per-record header, the time span, the flow key, per-protocol
 * attributes and one meter for each direction.
 *
 * NOTE(review): `length` is a single byte (at most 255).  As with the
 * outer record header it is producer-controlled; check it against the
 * bytes available before reading past it.  `flow` and `attr` are unions
 * whose valid arm is not encoded inside them -- presumably `type` or
 * `status` selects it; confirm in argus_def.h before dispatching.
 */
struct ArgusFarStruct {
    unsigned char  type;
    unsigned char  length;             /* 8-bit length, untrusted on read */
    unsigned short status;
    unsigned int   ArgusTransRefNum;
    struct ArgusTimeDesc   time;       /* start/last timestamps */
    struct ArgusFlow       flow;       /* flow key; union, arm chosen by the caller */
    struct ArgusAttributes attr;       /* per-protocol attributes; union, same caveat */
    struct ArgusMeter      src;        /* counters, presumably for the src->dst direction */
    struct ArgusMeter      dst;        /* counters, presumably for the dst->src direction */
};
/*
 * Time span covered by a flow record: the first and the most recent
 * timestamp.  Both are `struct timeval`, so the serialized width of this
 * struct depends on the writer's time_t/suseconds_t sizes (see the note
 * on struct ArgusMarStruct); do not hard-code it in a reader.
 */
struct ArgusTimeDesc {
    struct timeval start;    /* earliest time seen */
    struct timeval last;     /* latest time seen */
};
/*
 * Flow key.  Exactly one arm of flow_union is meaningful for a given
 * record; nothing inside this struct says which, so the reader must
 * select the arm from the enclosing record (presumably the FAR type or
 * the ip_p field -- TODO confirm) before reading it.  The struct is as
 * large as its largest arm, so unused bytes of the union are whatever
 * the producer left there.
 */
struct ArgusFlow {
    union {
        struct ArgusIPFlow   ip;
        struct ArgusICMPFlow icmp;
        struct ArgusMACFlow  mac;
        struct ArgusArpFlow  arp;
        struct ArgusRarpFlow rarp;
        struct ArgusESPFlow  esp;
    } flow_union;
};
struct ArgusIPAttributes { unsigned short soptions, doptions; unsigned char sttl, dttl; unsigned char stos, dtos; };
/*
 * ARP attributes: an opaque 8-byte field.  The name suggests it holds
 * the ARP reply; the encoding is not described here -- confirm before
 * interpreting it.
 */
struct ArgusARPAttributes {
    unsigned char response[8];
};
/*
 * Per-protocol attribute block of a flow record.  Only one arm of
 * attr_union is valid; like struct ArgusFlow, the selector lives outside
 * this struct and the reader must consult it first.
 */
struct ArgusAttributes {
    union {
        struct ArgusIPAttributes  ip;
        struct ArgusARPAttributes arp;
    } attr_union;
};
/*
 * Traffic counters for one direction of a flow.  All three are 32-bit
 * unsigned on common ABIs and so wrap at 4 GiB / 4G packets; a consumer
 * that aggregates them should widen before summing.
 */
struct ArgusMeter {
    unsigned int count;      /* presumably packets */
    unsigned int bytes;      /* presumably total bytes */
    unsigned int appbytes;   /* presumably application-layer bytes */
};
/*
 * Flow key for IP traffic: addresses, protocol numbers, ports and the
 * IP identification field.  16 bytes with no padding on ABIs with
 * 32-bit int and 16-bit short.  Byte order of the multi-byte fields is
 * not stated here -- assume the writer's host order unless argus_out.h
 * says otherwise.
 */
struct ArgusIPFlow {
    unsigned int   ip_src;   /* IPv4 source address */
    unsigned int   ip_dst;   /* IPv4 destination address */
    unsigned char  ip_p;     /* IP protocol number */
    unsigned char  tp_p;     /* presumably a transport-level sub-protocol; confirm */
    unsigned short sport;
    unsigned short dport;
    unsigned short ip_id;    /* IP identification field */
};
/*
 * Flow key for ICMP: the same address/protocol prefix as ArgusIPFlow
 * (so the two arms overlay each other for the first 10 bytes), followed
 * by the ICMP type/code and identifier instead of ports.  16 bytes.
 */
struct ArgusICMPFlow {
    unsigned int   ip_src;
    unsigned int   ip_dst;
    unsigned char  ip_p;
    unsigned char  tp_p;
    unsigned char  type;     /* ICMP type */
    unsigned char  code;     /* ICMP code */
    unsigned short id;       /* ICMP identifier (echo id, presumably) */
    unsigned short ip_id;
};
/*
 * Flow key for link-layer (non-IP) traffic: the Ethernet header plus the
 * LLC SAP bytes.  `struct ether_header` comes from the system headers,
 * so its size and packing are the platform's, not argus's.
 */
struct ArgusMACFlow {
    struct ether_header ehdr;   /* dst/src MAC and ethertype, per the system definition */
    unsigned char       dsap;   /* 802.2 destination SAP, presumably */
    unsigned char       ssap;   /* 802.2 source SAP, presumably */
};
/*
 * Flow keys for ARP, RARP and ESP.  Each is 16 bytes on ABIs with 32-bit
 * int and 16-bit short, matching the IP/ICMP keys so the arms of
 * ArgusFlow overlay cleanly.
 *
 * NOTE(review): the explicit `pad` members are written to the stream
 * along with everything else.  A producer that fills these structs in
 * place should zero them (memset before populating) so uninitialized
 * memory is not leaked into the record.
 */
struct ArgusArpFlow {
    unsigned int   arp_spa;        /* sender protocol address */
    unsigned int   arp_tpa;        /* target protocol address */
    unsigned char  etheraddr[6];   /* one hardware address; which end is not stated here */
    unsigned short pad;            /* alignment filler; zero it */
};

struct ArgusRarpFlow {
    unsigned int   arp_tpa;        /* target protocol address */
    unsigned char  srceaddr[6];    /* source hardware address */
    unsigned char  tareaddr[6];    /* target hardware address */
};

struct ArgusESPFlow {
    unsigned int   ip_src;
    unsigned int   ip_dst;
    unsigned char  ip_p;
    unsigned char  tp_p;
    unsigned short pad;            /* alignment filler; zero it */
    unsigned int   spi;            /* ESP security parameter index */
};