How Do I Filter The Data so just the totals for each ip are shown?
Andy
andy at quadrant.net
Mon May 13 13:11:57 EDT 2002
I keep getting this error when trying to do the commands suggested:
ramon -M topn -r argus.out -w -
ramon: RaCreatePolicyEntry: format error
ramon -M topn -r argus.out
ramon: RaCreatePolicyEntry: format error
What is happening?
Does this have anything to do with function RaParseCIDRAddr() that is
found in ragator.c, rahistogram.c and ramon.c that is not
standardized?? I found a similar problem in your archives that was
occurring on Solaris machines. I have attached a copy at the end of
this email for reference.
BTW the mode 'srv' is not supported.
Andy
--------------
With argus 2.0.0 and 2.0.2.beta.1 on Solaris 8 Intel edition, I'm having
problems with ramon.
bin/ramon -M Matrix -r /local/argus/data
ramon: RaCreatePolicyEntry: format error
This is related to RaParseCIDRAddr() for the 255.255.255.255 addresses.
It is getting into argus_nametoaddr() which is returning 0.
gethostbyname("255.255.255.255") on Linux and FreeBSD machines are
generating a valid return structure, but Solaris doesn't.
#0  RaParseCIDRAddr (str=0x804620f "255.255.255.255") at ./ramon.c:1681
#1  0x8058d39 in RaParsePolicyEntry (
    str=0x8172198 "Model 200 255.255.255.255 255.255.255.255 no no no") at ./ramon.c:1751
#2  0x8059282 in RaCreatePolicyEntry (
    str=0x8172198 "Model 200 255.255.255.255 255.255.255.255 no no no") at ./ramon.c:1914
#3  0x805937f in RaReadFlowModelFile (model=0x80875e0) at ./ramon.c:1961
#4  0x8055d13 in ArgusClientInit () at ./ramon.c:120
#5  0x805af49 in main (argc=5, argv=0x8047648) at ./argus_parse.c:505
Dropping the RaParseCIDRAddr() that is found in clients/ragator.c into
clients/ramon.c gets through the RaCreatePolicyEntry() routine and
generates output that seems reasonable.
-----------
Hey Michael,
Thanks! Yes, I'll clean up the 2.0.2 stuff so that they
are all using the same routines. The new argus-clients
package has all of these routines standardized and consolidated
in a single library.
Could you try it out, to see if it's doing the right thing?
ftp://qosient.com/dev/argus-2.0/argus-clients-2.0.1.alpha.4.tar.gz
Carter
------------
>Hey Andy,
> You don't need to filter argus traffic to do this,
>you just need to use either ragator() or ramon(). From
>the new distribution ftp://qosient.com/dev/argus-2.0/argus-2.0.5.tar.gz
>try:
> ramon -M topn -r argusfile
> ramon -M srv -r argusfile
>
>This should give you some of what you want. Once you try these and
>find out what's missing, send mail and we can see how to improve
>ramon() to do what you want.
>
>Carter
>
>Carter Bullard
>QoSient, LLC
>300 E. 56th Street, Suite 18K
>New York, New York 10022
>
>carter at qosient.com
>Phone +1 212 588-9133
>Fax +1 212 588-9134
>http://qosient.com
>
>
>
>> -----Original Message-----
>> From: owner-argus-info at lists.andrew.cmu.edu
>> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Andy
>> Sent: Monday, May 13, 2002 12:30 PM
>> To: argus-info at lists.andrew.cmu.edu
>> Subject: How Do I Filter The Data so just the totals for each
>> ip are shown?
>>
>>
>> I hope this question is appropriate here.
>>
>>
>> I am new to argus and thus need some help with filtering. What I
>> want to do is filter out the data from argus so that I can get each
>> IP's total traffic at any given time. Here is an example of what I
>> want.
>>
>> IpAddress      Protocol   IN Traffic (bytes)   OUT Traffic (bytes)
>> 10.0.0.4       ICMP       4000                 2300
>> 207.192.2.4    TCP        1.2Gb                1Gb
>> xx.xx.xx.xx    UDP        2Gb                  4Gb
>> etc...
>>
>>
>> So for each IP at time Y I would like a summary of the total amount
>> of traffic in and out for each protocol supported by argus.
>>
>> Is there a simple way of doing this? Currently I am using trafd for
>> this and parsing the data file, but this is really inefficient and
>> thus I would like to be able to do this with argus instead.
>>
>> Thanks in advance,
>> Andy
>> --
>>
>>
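
An added example, not code from the argus sources or from anyone in this thread: the "format error" described above comes from sending a dotted-quad address through a name lookup whose result differs by platform. This sketch parses such an address field numerically with inet_pton(), so 255.255.255.255 is accepted regardless of resolver behaviour; parse_cidr_addr and struct cidr_addr are hypothetical names, and the a.b.c.d/len syntax is an assumption about the input.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical result type, not a structure from the argus source. */
struct cidr_addr { uint32_t addr, mask; int masklen; }; /* host byte order */

/* Parse "a.b.c.d" or "a.b.c.d/len" numerically, never calling the resolver.
 * Returns 0 on success, -1 on a format error. */
int parse_cidr_addr(const char *str, struct cidr_addr *out)
{
    char buf[INET_ADDRSTRLEN];
    struct in_addr in;
    const char *slash = strchr(str, '/');
    size_t hostlen = slash ? (size_t)(slash - str) : strlen(str);
    long len = 32;
    if (hostlen == 0 || hostlen >= sizeof(buf))
        return -1;
    memcpy(buf, str, hostlen);
    buf[hostlen] = '\0';

    if (slash) {
        char *end;
        if (slash[1] < '0' || slash[1] > '9')   /* rejects "", "+8", " 8" */
            return -1;
        len = strtol(slash + 1, &end, 10);
        if (*end != '\0' || len > 32)
            return -1;
    }
    /* inet_pton reports success separately from the address value, so
     * 255.255.255.255 (all ones) cannot be mistaken for an error code. */
    if (inet_pton(AF_INET, buf, &in) != 1)
        return -1;
    out->addr = ntohl(in.s_addr);
    out->masklen = (int)len;
    out->mask = len == 0 ? 0 : 0xFFFFFFFFu << (32 - len);
    return 0;
}

int main(void)
{
    /* Constructed inputs; the first is the address from the backtrace. */
    const char *s[] = { "255.255.255.255", "10.0.0.0/8", "10.0.0.4/33" };
    struct cidr_addr c;
    for (int i = 0; i < 3; i++)
        printf("%-16s %s\n", s[i], parse_cidr_addr(s[i], &c) ? "format error" : "ok");
    return 0;
}
```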