ARGUS(5)

NAME

argus - IP Network Auditing Facility

COPYRIGHT

Copyright (c) 2000-2004 QoSient. All rights reserved.

SYNOPSIS

#include <[argus_dir]/include/argus_def.h>
#include <[argus_dir]/include/argus_out.h>

DESCRIPTION

The format of the argus(8) data stream is most succinctly described through the structures defined in the header file, but the general format is as follows:
Argus File Format:
Argus_Datum Initial_Management_Record Argus_Datum
.
.
Argus_Datum Management_Statistics Argus_Datum
.
.
where the individual data fields are defined as follows:

struct ArgusRecord {
unsigned char type, cause;
unsigned short length;
unsigned int status;
unsigned int argusid;
unsigned int seqNumber;
union {
struct ArgusMarStruct mar;
struct ArgusFarStruct far;
} ar_union;
};
struct ArgusMarStruct {
struct timeval startime, now;
unsigned char major_version, minor_version;
unsigned char interfaceType, interfaceStatus;
unsigned short reportInterval, argusMrInterval;
unsigned int argusid, localnet, netmask, nextMrSequenceNum;
unsigned long long pktsRcvd, bytesRcvd;
unsigned int pktsDrop, flows, flowsClosed;
unsigned int actIPcons, cloIPcons;
unsigned int actICMPcons, cloICMPcons;
unsigned int actIGMPcons, cloIGMPcons;
unsigned int actFRAGcons, cloFRAGcons;
unsigned int actSECcons, cloSECcons;
int record_len;
};
struct ArgusFarStruct {
unsigned char type, length;
unsigned short status;
unsigned int ArgusTransRefNum;
struct ArgusTimeDesc time;
struct ArgusFlow flow;
struct ArgusAttributes attr;
struct ArgusMeter src, dst;
};
struct ArgusTimeDesc {
struct timeval start;
struct timeval last;
};
struct ArgusFlow {
union {
struct ArgusIPFlow ip;
struct ArgusICMPFlow icmp;
struct ArgusMACFlow mac;
struct ArgusArpFlow arp;
struct ArgusRarpFlow rarp;
struct ArgusESPFlow esp;
} flow_union;
};
struct ArgusIPAttributes {
unsigned short soptions, doptions;
unsigned char sttl, dttl;
unsigned char stos, dtos;
};
struct ArgusARPAttributes {
unsigned char response[8];
};
struct ArgusAttributes {
union {
struct ArgusIPAttributes ip;
struct ArgusARPAttributes arp;
} attr_union;
};
struct ArgusMeter {
unsigned int count, bytes, appbytes;
};
struct ArgusIPFlow {
unsigned int ip_src, ip_dst;
unsigned char ip_p, tp_p;
unsigned short sport, dport;
unsigned short ip_id;
};
struct ArgusICMPFlow {
unsigned int ip_src, ip_dst;
unsigned char ip_p, tp_p;
unsigned char type, code;
unsigned short id, ip_id;
};
struct ArgusMACFlow {
struct ether_header ehdr;
unsigned char dsap, ssap;
};
struct ArgusArpFlow {
unsigned int arp_spa;
unsigned int arp_tpa;
unsigned char etheraddr[6];
unsigned short pad;
};
struct ArgusRarpFlow {
unsigned int arp_tpa;
unsigned char srceaddr[6];
unsigned char tareaddr[6];
};
struct ArgusESPFlow {
unsigned int ip_src, ip_dst;
unsigned char ip_p, tp_p;
unsigned short pad;
unsigned int spi;
};

SEE ALSO

argus(8),

23 June 2000 ARGUS(5)

Copyright © 2010-2025 Platon Technologies, s.r.o.           Home | Man pages | tLDP | Documents | Utilities | About
Design by styleshout