ra vs rasort
Carter Bullard
carter at qosient.com
Mon Aug 19 08:36:26 EDT 2002
Hey Andrew,
Rather than using wc, racount() is the program of
choice to see if the programs are doing the right
thing.
racount -r argus.log argus.log.1.gz
rasort -w - -r argus.log argus.log.1.gz | racount
what happens in this case?
The problem is that rasort() does not process the internal
management records that argus generates. These records are
there for integrity checking, how many records since the
last one, what's the next sequence number, how many flows
has the argi seen, what is the interface status. If the argus
records are rearranged, then these records are pretty much
meaningless, so rasort() discards them. That is probably
the source of your discrepancy.
Carter
Carter Bullard
QoSient, LLC
300 E. 56th Street
Suite 18K
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of
> Andrew Pollock
> Sent: Sunday, August 18, 2002 10:38 PM
> To: argus-info at lists.andrew.cmu.edu
> Subject: ra vs rasort
>
>
> Hi,
>
> should ra and rasort produce the same amount of output?
>
> I was just fiddling around with rasort and noticed that it's
> not, i.e.:
>
> # ra -r argus.log argus.log.1.gz | wc -l
> 23259
>
> # rasort -r argus.log argus.log.1.gz | wc -l
> 22898
>
> ra = 2.0.2.alpha9
> rasort = 2.0.2.alpha9
>
> Andrew
>
>
More information about the argus
mailing list