Strange timerange behavior
Ingo Theiss
ingo.theiss at mytheiss.de
Sun Dec 29 04:56:11 EST 2002
Hello everybody,
I am quite new to argus but quickly warming up to that great project.
I've got argus working and collecting data on my system for about two
days and started analysing the results. That's where my problem starts.
I am using the timerange option to get results for e.g. 1 hour and 1
second, but there is a strange behavior, or better, result when I execute
the following command:
ra -t 2002/12/29.07:15:01 - 2002/12/29.07:16:01 -r argus.log
The output doesn't start at "07:15:01" but ends correctly at "07:16:01".
The results start somewhere near "07:14" and I am not able to get an
exact range of one minute. The same happens when I try to get one
second, the result contains more than one second.
Have I misunderstood the usage of timerange? Or is it a bug?
Here is an example output:
ra -t 2002/12/29.07:15:15 - 2002/12/29.07:16:15 -r ra.log.5
Start_Time Duration Flgs Type SrcAddr Sport Dir DstAddr Dport SrcPkt Dstpkt SrcBytes DstBytes State
02-12-29 07:14:15 59 arp 81.2.161.254 who-has 81.2.161.244 164 0 9840 0 INT
02-12-29 07:14:15 59 arp 81.2.161.254 who-has 81.2.161.69 106 0 6360 0
...
02-12-29 07:16:12 0 udp 81.2.131.188.52977 <-> 81.2.139.58.53 1 1 82 177 ACC
02-12-29 07:16:14 0 udp 81.2.131.188.52977 <-> 81.2.139.58.53 1 1 85 149 ACC
02-12-29 07:16:14 0 udp 81.2.131.188.52977 <-> 81.2.139.58.53 1 1 107 171 ACC
02-12-29 07:16:14 0 udp 81.2.131.188.52977 <-> 81.2.139.58.53 1 1 85 150 ACC
02-12-29 07:16:14 0 udp 81.2.131.188.52977 <-> 81.2.139.58.53 1 1 82 177 ACC
02-12-29 07:16:14 0 udp 81.2.131.188.52977 <-> 81.2.139.58.53 1 1 82 177 ACC
Thank you in advance!
Regards
Ingo