argus - IP Network Auditing Facility Linux Man Page

ARGUS (5) manpage

ARGUS

23 June 2000

NAME
COPYRIGHT

SYNOPSIS


#include <[argus_dir]/include/argus_def.h>
#include <[argus_dir]/include/argus_out.h>

DESCRIPTION

argus(8)

Argus File Format: Argus_Datum Initial_Management_Record Argus_Datum . . Argus_Datum Management_Statistics Argus_Datum . .


struct ArgusRecord {
   unsigned char type, cause;
   unsigned short length;
   unsigned int status;
   unsigned int argusid;
   unsigned int seqNumber;

   union {
      struct ArgusMarStruct  mar;
      struct ArgusFarStruct  far;
   } ar_union;
};

struct ArgusMarStruct {
   struct timeval startime, now;
   unsigned char  major_version, minor_version;
   unsigned char interfaceType, interfaceStatus;
   unsigned short reportInterval, argusMrInterval;
   unsigned int argusid, localnet, netmask, nextMrSequenceNum;
   unsigned long long pktsRcvd, bytesRcvd;
   unsigned int  pktsDrop, flows, flowsClosed;
   unsigned int actIPcons,  cloIPcons;
   unsigned int actICMPcons,  cloICMPcons;
   unsigned int actIGMPcons,  cloIGMPcons;
   unsigned int actFRAGcons,  cloFRAGcons;
   unsigned int actSECcons,  cloSECcons;
   int record_len;
};

struct ArgusFarStruct {
   unsigned char type, length;
   unsigned short status;
 
   unsigned int ArgusTransRefNum;
   struct ArgusTimeDesc time;
   struct ArgusFlow flow;
   struct ArgusAttributes attr;
   struct ArgusMeter src, dst;
};

struct ArgusTimeDesc {
   struct timeval start;
   struct timeval last;
};

struct ArgusFlow {
   union {
      struct ArgusIPFlow     ip;
      struct ArgusICMPFlow icmp;
      struct ArgusMACFlow   mac;
      struct ArgusArpFlow   arp;
      struct ArgusRarpFlow rarp;
      struct ArgusESPFlow   esp;
  } flow_union;
};

struct ArgusIPAttributes {
   unsigned short soptions, doptions;
   unsigned char sttl, dttl;
   unsigned char stos, dtos;
};

struct ArgusARPAttributes {
   unsigned char response[8];
};

struct ArgusAttributes {
   union {
      struct ArgusIPAttributes   ip;
      struct ArgusARPAttributes arp;
   } attr_union;
};


struct ArgusMeter {
   unsigned int count, bytes, appbytes;
};

struct ArgusIPFlow {
   unsigned int ip_src, ip_dst;
   unsigned char ip_p, tp_p;
   unsigned short sport, dport;
   unsigned short ip_id;
};

struct ArgusICMPFlow {
   unsigned int ip_src, ip_dst;
   unsigned char ip_p, tp_p;
   unsigned char type, code;
   unsigned short id, ip_id;
};

struct ArgusMACFlow {
   struct ether_header ehdr;
   unsigned char dsap, ssap;
};

struct ArgusArpFlow {
   unsigned int arp_spa;
   unsigned int arp_tpa;
   unsigned char etheraddr[6];
   unsigned short pad;
};
 
struct ArgusRarpFlow {
   unsigned int arp_tpa;
   unsigned char srceaddr[6];
   unsigned char tareaddr[6];
};
 
struct ArgusESPFlow {
   unsigned int ip_src, ip_dst;
   unsigned char ip_p, tp_p;
   unsigned short pad;
   unsigned int spi;
};

SEE ALSO