<H1>ARGUS</H1>
Section: File Formats (5)<BR>Updated: 23 June 2000<BR>
<HR>
<A NAME="lbAB"> </A>
<H2>NAME</H2>
<B>argus</B> - IP Network Auditing Facility
<P>
<A NAME="lbAC"> </A>
<H2>SYNOPSIS</H2>
<PRE>
<B>#include &lt;[argus_dir]/include/argus_def.h&gt;</B>
<B>#include &lt;[argus_dir]/include/argus_out.h&gt;</B>
</PRE>
<P>
<A NAME="lbAD"> </A>
<H2>DESCRIPTION</H2>
The format of the <B>argus</B>(8) data stream is most succinctly described
through the structures defined in the header files, but the general format is
as follows:
<P>
<DL COMPACT><DT><DD>
<B>Argus File Format:<BR>
Argus_Datum Initial_Management_Record<BR>
Argus_Datum<BR>
.<BR>
.<BR>
Argus_Datum Management_Statistics<BR>
Argus_Datum<BR>
.<BR>
.</B>
</DL>
<P>
Every datum is a <B>struct ArgusRecord</B>; its <B>length</B> field gives the
size of the whole record, including the fixed header, and is what a reader uses
to step to the next record. The on-disk layout is that of these C structures as
compiled on the host running <B>argus</B>(8), so field sizes that vary by
platform (for example <B>struct timeval</B>) and any padding follow that host;
take the exact layout from the header files rather than from this listing.
<P>
The individual data fields are defined as follows:
<P>
<DL COMPACT><DT><DD>
<PRE>
struct <B>ArgusRecord</B> {
   unsigned char       <B>type</B>, <B>cause</B>;
   unsigned short      <B>length</B>;
   unsigned int        <B>status</B>;
   unsigned int        <B>argusid</B>;
   unsigned int        <B>seqNumber</B>;
   union {
      struct <B>ArgusMarStruct</B>  <B>mar</B>;
      struct <B>ArgusFarStruct</B>  <B>far</B>;
   } ar_union;
};

struct <B>ArgusMarStruct</B> {
   struct timeval      <B>startime</B>, <B>now</B>;
   unsigned char       <B>major_version</B>, <B>minor_version</B>;
   unsigned char       <B>interfaceType</B>, <B>interfaceStatus</B>;
   unsigned short      <B>reportInterval</B>, <B>argusMrInterval</B>;
   unsigned int        <B>argusid</B>, <B>localnet</B>, <B>netmask</B>, <B>nextMrSequenceNum</B>;
   unsigned long long  <B>pktsRcvd</B>, <B>bytesRcvd</B>;
   unsigned int        <B>pktsDrop</B>, <B>flows</B>, <B>flowsClosed</B>;
   unsigned int        <B>actIPcons</B>, <B>cloIPcons</B>;
   unsigned int        <B>actICMPcons</B>, <B>cloICMPcons</B>;
   unsigned int        <B>actIGMPcons</B>, <B>cloIGMPcons</B>;
   unsigned int        <B>actFRAGcons</B>, <B>cloFRAGcons</B>;
   unsigned int        <B>actSECcons</B>, <B>cloSECcons</B>;
   int                 <B>record_len</B>;
};

struct <B>ArgusFarStruct</B> {
   unsigned char       <B>type</B>, <B>length</B>;
   unsigned short      <B>status</B>;
   unsigned int        <B>ArgusTransRefNum</B>;
   struct <B>ArgusTimeDesc</B>   <B>time</B>;
   struct <B>ArgusFlow</B>       <B>flow</B>;
   struct <B>ArgusAttributes</B> <B>attr</B>;
   struct <B>ArgusMeter</B>      <B>src</B>, <B>dst</B>;
};

struct <B>ArgusTimeDesc</B> {
   struct timeval      <B>start</B>;
   struct timeval      <B>last</B>;
};

struct <B>ArgusFlow</B> {
   union {
      struct <B>ArgusIPFlow</B>    <B>ip</B>;
      struct <B>ArgusICMPFlow</B>  <B>icmp</B>;
      struct <B>ArgusMACFlow</B>   <B>mac</B>;
      struct <B>ArgusArpFlow</B>   <B>arp</B>;
      struct <B>ArgusRarpFlow</B>  <B>rarp</B>;
      struct <B>ArgusESPFlow</B>   <B>esp</B>;
   } flow_union;
};

struct <B>ArgusIPAttributes</B> {
   unsigned short      <B>soptions</B>, <B>doptions</B>;
   unsigned char       <B>sttl</B>, <B>dttl</B>;
   unsigned char       <B>stos</B>, <B>dtos</B>;
};

struct <B>ArgusARPAttributes</B> {
   unsigned char       <B>response[8]</B>;
};

struct <B>ArgusAttributes</B> {
   union {
      struct <B>ArgusIPAttributes</B>  ip;
      struct <B>ArgusARPAttributes</B> arp;
   } attr_union;
};

struct <B>ArgusMeter</B> {
   unsigned int        <B>count</B>, <B>bytes</B>, <B>appbytes</B>;
};

struct <B>ArgusIPFlow</B> {
   unsigned int        <B>ip_src</B>, <B>ip_dst</B>;
   unsigned char       <B>ip_p</B>, <B>tp_p</B>;
   unsigned short      <B>sport</B>, <B>dport</B>;
   unsigned short      <B>ip_id</B>;
};

struct <B>ArgusICMPFlow</B> {
   unsigned int        <B>ip_src</B>, <B>ip_dst</B>;
   unsigned char       <B>ip_p</B>, <B>tp_p</B>;
   unsigned char       <B>type</B>, <B>code</B>;
   unsigned short      <B>id</B>, <B>ip_id</B>;
};

struct <B>ArgusMACFlow</B> {
   struct ether_header <B>ehdr</B>;
   unsigned char       <B>dsap</B>, <B>ssap</B>;
};

struct <B>ArgusArpFlow</B> {
   unsigned int        <B>arp_spa</B>;
   unsigned int        <B>arp_tpa</B>;
   unsigned char       <B>etheraddr[6]</B>;
   unsigned short      <B>pad</B>;
};

struct <B>ArgusRarpFlow</B> {
   unsigned int        <B>arp_tpa</B>;
   unsigned char       <B>srceaddr[6]</B>;
   unsigned char       <B>tareaddr[6]</B>;
};

struct <B>ArgusESPFlow</B> {
   unsigned int        <B>ip_src</B>, <B>ip_dst</B>;
   unsigned char       <B>ip_p</B>, <B>tp_p</B>;
   unsigned short      <B>pad</B>;
   unsigned int        <B>spi</B>;
};
</PRE>
</DL>
<A NAME="lbAE"> </A>
<H2>SEE ALSO</H2>
<B>argus</B>(8).
<P>
<HR>
This document was created by man2html, using the manual pages.<BR>
Time: 23:40:57 GMT, March 15, 2001
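<P>
The record walker below is an added example and is not code from the argus
distribution. It decodes the fixed leading part of <B>struct ArgusRecord</B>
(<B>type</B>, <B>cause</B>, <B>length</B>, <B>status</B>, <B>argusid</B>,
<B>seqNumber</B>) and uses <B>length</B> to step from one record to the next,
rejecting a length shorter than that header (a naive reader would otherwise
loop forever at the same offset) or longer than the bytes that remain (a naive
reader would otherwise read past the end of its buffer, the usual failure when
a flow file is truncated or corrupt). It also counts gaps in <B>seqNumber</B>,
which is how a consumer notices records it never received. It assumes that
fixed part is 16 bytes in host byte order with no padding; the type values,
sensor id and record bodies in the constructed sample are placeholders, since
the real constants live in argus_def.h and are not reproduced on this page.
</P>

```c
/* Added example: bounds-checked walker for an argus(8) record stream.
 * Not argus code.  Assumes the fixed part of struct ArgusRecord (type, cause,
 * length, status, argusid, seqNumber) is 16 bytes, host byte order, unpadded.
 * Type values and bodies in the sample are placeholders, not argus_def.h values. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARGUS_HDR_LEN 16

enum {
    ARGUS_OK            =  0,
    ARGUS_ERR_SHORT     = -1,  /* fewer than ARGUS_HDR_LEN bytes remain */
    ARGUS_ERR_LEN_SMALL = -2,  /* length < header: walker would never advance */
    ARGUS_ERR_LEN_BIG   = -3   /* length runs past the end of the buffer */
};

typedef struct {
    uint8_t  type, cause;
    uint16_t length;
    uint32_t status, argusid, seqNumber;
    const uint8_t *body;       /* ar_union bytes inside the caller's buffer */
    size_t body_len;           /* length - ARGUS_HDR_LEN */
} argus_hdr;

typedef struct {
    size_t records;   /* well-formed records consumed */
    size_t seq_gaps;  /* records whose seqNumber != previous + 1 */
    int    err;       /* ARGUS_OK, or the first error met */
    size_t err_off;   /* offset of the record that failed */
} argus_walk_result;

/* Decode one header; memcpy keeps the reads alignment-safe. */
int argus_parse_hdr(const uint8_t *buf, size_t len, argus_hdr *out)
{
    if (len < ARGUS_HDR_LEN) return ARGUS_ERR_SHORT;
    out->type = buf[0]; out->cause = buf[1];
    memcpy(&out->length,    buf + 2,  sizeof out->length);
    memcpy(&out->status,    buf + 4,  sizeof out->status);
    memcpy(&out->argusid,   buf + 8,  sizeof out->argusid);
    memcpy(&out->seqNumber, buf + 12, sizeof out->seqNumber);
    if (out->length < ARGUS_HDR_LEN) return ARGUS_ERR_LEN_SMALL;
    if (out->length > len)           return ARGUS_ERR_LEN_BIG;
    out->body = buf + ARGUS_HDR_LEN;
    out->body_len = out->length - ARGUS_HDR_LEN;
    return ARGUS_OK;
}

/* Step through the stream record by record, stopping at the first bad one. */
argus_walk_result argus_walk(const uint8_t *buf, size_t len)
{
    argus_walk_result r = {0, 0, ARGUS_OK, 0};
    uint32_t prev_seq = 0;
    size_t off = 0;
    while (off < len) {
        argus_hdr h;
        int rc = argus_parse_hdr(buf + off, len - off, &h);
        if (rc != ARGUS_OK) { r.err = rc; r.err_off = off; break; }
        if (r.records > 0 && h.seqNumber != prev_seq + 1) r.seq_gaps++;
        prev_seq = h.seqNumber;
        r.records++;
        off += h.length;   /* >= ARGUS_HDR_LEN, so the loop always advances */
    }
    return r;
}

/* Constructed sample writer; returns bytes written, 0 if it does not fit. */
size_t argus_put_record(uint8_t *buf, size_t cap, size_t off, uint8_t type,
                        uint32_t seq, const uint8_t *body, uint16_t body_len)
{
    uint16_t length = (uint16_t)(ARGUS_HDR_LEN + body_len);
    uint32_t status = 0, argusid = 0x0a000001u;   /* placeholder sensor id */
    uint8_t *p;
    if (off + length > cap) return 0;
    p = buf + off;
    p[0] = type; p[1] = 0;
    memcpy(p + 2,  &length,  sizeof length);
    memcpy(p + 4,  &status,  sizeof status);
    memcpy(p + 8,  &argusid, sizeof argusid);
    memcpy(p + 12, &seq,     sizeof seq);
    if (body_len) memcpy(p + ARGUS_HDR_LEN, body, body_len);
    return length;
}

/* Three constructed records: an empty management record, then two flow
 * records with placeholder 24-byte bodies; seqNumbers 1, 2, 4 leave one gap. */
size_t build_sample(uint8_t *buf, size_t cap)
{
    static const uint8_t body[24] = { 0x10, 0x18, 0, 0, 0, 0, 0, 1 }; /* rest zero */
    size_t off = 0;
    off += argus_put_record(buf, cap, off, 0x01, 1, NULL, 0);
    off += argus_put_record(buf, cap, off, 0x10, 2, body, sizeof body);
    off += argus_put_record(buf, cap, off, 0x10, 4, body, sizeof body);
    return off;
}

/* 0: intact stream; 1: final record truncated by one byte;
 * 2: second record's length field overwritten with 0. */
argus_walk_result walk_sample(int scenario)
{
    uint8_t buf[256];
    size_t n = build_sample(buf, sizeof buf);
    if (scenario == 1) n -= 1;
    if (scenario == 2) { buf[ARGUS_HDR_LEN + 2] = 0; buf[ARGUS_HDR_LEN + 3] = 0; }
    return argus_walk(buf, n);
}

int main(void)
{
    for (int s = 0; s < 3; s++) {
        argus_walk_result r = walk_sample(s);
        printf("scenario %d: records=%zu seq_gaps=%zu err=%d at offset %zu\n",
               s, r.records, r.seq_gaps, r.err, r.err_off);
    }
    return 0;
}
```

<P>
The intact stream yields three records and one sequence gap; the truncated
stream stops at the third record with <B>ARGUS_ERR_LEN_BIG</B>; the zeroed
length field stops the walk at the second record with
<B>ARGUS_ERR_LEN_SMALL</B> instead of spinning. A real reader would then
dispatch on <B>type</B> to the <B>mar</B> or <B>far</B> member of
<B>ar_union</B> using the sizes from the header files.
</P>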