ramon question
Carter Bullard
carter at qosient.com
Tue Apr 30 07:40:18 EDT 2002
Hey Mike,
I guessing but this is may be your problem.
Argus has 32 bit counters. When ramon is aggregating,
if a counter, such as src or dst byte count, would
rollover, ramon spits the record out, in order to
avoid losing any of the metrics.
The test is to look at the byte counts of some
of the redundant values. If they are near
4294967295, then that's the problem. If this is not the case,
send a portion of your output so I can see what may
be the issue.
The best way to avoid this situation is to use the
"-t start-endtime" option to limit the amount of
traffic ramon has to aggregate. Some use perl, which
has 64bit int support to read the output of ramon,
sum the multiple occurrence lines, and re-sort.
We'll need to add 64bit counters to argus records,
but that won't happen for a short while still.
Carter
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of
> Mike Iglesias
> Sent: Tuesday, April 30, 2002 1:15 AM
> To: argus-info at lists.andrew.cmu.edu
> Subject: ramon question
>
>
> I'm trying to use ramon to give me the top N users (by bytes in/out).
> I was hoping it would output one set of numbers per IP address, but
> I'm getting more than one record in the output file for each IP
> address. Is this the way it's supposed to work, or am I not
> using it correctly?
>
> I'm writing the output of argus to a file, and then reading the file
> with ramon and writing another argus format file. I'm using ra to
> print out the data from the ramon output file.
>
> Any suggestions?
>
>
> Mike Iglesias Internet:
> iglesias at draco.acs.uci.edu
> University of California, Irvine phone: 949-824-6926
> Network & Academic Computing Services FAX: 949-824-2069
>
>
>
>
More information about the argus
mailing list