Time stamps in argus records
Russell Fulton
r.fulton at auckland.ac.nz
Thu Sep 23 17:16:26 EDT 1999
On Thu, 23 Sep 1999 08:23:00 -0700 Carter Bullard
<cbullard at nortelnetworks.com> wrote:
> Hey Russell,
> Combining multiple Argus records that belong to the same flow
> is done with raconnections(). Feed a days worth of argus records
> into raconnections() and you should get single records for single
> connections with the start and last timestamps correct.
>
Right, I had forgotten raconnections! There is still one problem I
think, and that is that my data is stored in hourly files and if I
remember correctly none of the clients will read multiple files.
I know we have had this discussion before and I recognize that there
will be problems if users feed files to client out of order but I
strongly feel that the utility of having the data stored in managable
chunks (eg. hourly) while retaining the ability to do long running
analysis far out wieghs any problems.
What I suggest is a new flag ( -R ?) which gives the name of a file
containing the list of input files. I propose this rather than the
usual list of filenames on the command line for two reasons: firstly we
already have an undelimited string of tokens in the filter and secondly
I want more flexibility in listing files than the shell globbing
permits.
I will have a look at the client code today and see if I can figure out
what is involved.
Cheers, Russell.
More information about the argus
mailing list