How Do I Filter The Data so just the totals for each ip are shown?

Carter Bullard carter at qosient.com
Mon May 13 13:20:51 EDT 2002 

Your running old code.


> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu 
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Andy
> Sent: Monday, May 13, 2002 1:12 PM
> To: argus-info at lists.andrew.cmu.edu
> Subject: RE: How Do I Filter The Data so just the totals for 
> each ip are shown?
> 
> 
> I keep getting this error when trying to do the commands suggested:
> 
> ramon -M topn -r argus.out -w -
> ramon: RaCreatePolicyEntry: format error
> 
> 
> ramon -M topn -r argus.out
> ramon: RaCreatePolicyEntry: format error
> 
> What is happening?
> 
> Does this have anything to do with function RaParseCIDRAddr() that is 
> found in ragator.c, rahistogram.c and ramon.c that is not 
> standardized??  I found a similar problem in your archives that was 
> occuring on Solaris machines.  I have attached a copy at the end of 
> this email for reference.
> 
> BTW the mode 'srv' is not supported.
> 
> Andy
> 
> 
> --------------
> 
> 
> 
> With argus 2.0.0 and 2.0.2.beta.1 on Solaris 8 Intel edition, 
> I'm having problems with ramon.
> 
> bin/ramon -M Matrix -r /local/argus/data
> ramon: RaCreatePolicyEntry: format error
> 
> This is related to RaParseCIDRAddr() for the 255.255.255.255 
> addresses. It is getting into argus_nametoaddr() which is returning 0.
> gethostbyname("255.255.255.255") on Linux and FreeBSD 
> machines are generating a valid return structure, but Solaris doesn't.
> 
> #0  RaParseCIDRAddr (str=0x804620f "255.255.255.255") at 
> ./ramon.c:1681 #1  0x8058d39 in RaParsePolicyEntry (
>      str=0x8172198 "Model    200   255.255.255.255     255.255.255.255
> 
> no      no       no") at ./ramon.c:1751
> #2  0x8059282 in RaCreatePolicyEntry (
>      str=0x8172198 "Model    200   255.255.255.255     255.255.255.255
> 
> no      no       no") at ./ramon.c:1914
> #3  0x805937f in RaReadFlowModelFile (model=0x80875e0) at 
> ./ramon.c:1961 #4  0x8055d13 in ArgusClientInit () at 
> ./ramon.c:120 #5  0x805af49 in main (argc=5, argv=0x8047648) 
> at ./argus_parse.c:505
> 
> Dropping the RaParseCIDRAddr() that is found in 
> clients/ragator.c into clients/ramon.c gets through the 
> RaCreatePolicyEntry() routine and generates output that seems 
> reasonable.
> -----------
> 
> 
> 
> Hey Michael,
>     Thanks!  Yes, I'll clean up the 2.0.2 stuff so that they 
> are all using the same routines.  The new argus-clients 
> package has all of these routines standardized and 
> consolidated in a single library.
> 
> Could you try it out, to see if its doing the right thing? 
> ftp://qosient.com/dev/argus-2.0/argus-clients-2.0.1.alpha.4.tar.gz
> 
> Carter
> 
> ------------
> 
> 
> 
> 
> 
> >Hey Andy,
> >    You don't need to filter argus traffic to do this,
> >you just need to use either ragator() or ramon().  From
> >the new distribution 
> ftp://qosient.com/dev/argus-2.0/argus-2.0.5.tar.gz
> >try:
> >    ramon -M topn -r argusfile
> >    ramon -M srv -r argusfile
> >
> >This should give you some of what you want. Once you try 
> these and find 
> >out what's missing, send mail and we can see how to improve
> >ramon() to do what you want.
> >
> >Carter
> >
> >Carter Bullard
> >QoSient, LLC
> >300 E. 56th Street, Suite 18K
> >New York, New York  10022
> >
> >carter at qosient.com
> >Phone +1 212 588-9133
> >Fax   +1 212 588-9134
> >http://qosient.com
> >
> >   
> >
> >>  -----Original Message-----
> >>  From: owner-argus-info at lists.andrew.cmu.edu
> >>  [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Andy
> >>  Sent: Monday, May 13, 2002 12:30 PM
> >>  To: argus-info at lists.andrew.cmu.edu
> >>  Subject: How Do I Filter The Data so just the totals for each  ip 
> >> are shown?
> >>
> >>
> >>  I hope this question is appropriate here.
> >>
> >>
> >>  I am new to argus and thus need some help with filtering. 
>  What I  
> >> want to do is filter out the data from argus so that I can 
> get each  
> >> IP's total traffic at any given time.  Here is an example 
> of what I  
> >> want.
> >>
> >>  IpAddress	Protocol	IN Traffic (bytes) OUT Traffic(bytes)
> >>  10.0.0.4		ICMP 	4000		2300
> >>  207.192.2.4	TCP	1.2Gb		1Gb
> >>  xx.xx.xx.xx	UDP	2Gb		4Gb
> >>  etc...
> >>
> >>
> >>  So for each IP at time Y I would like a summary of the 
> total amount  
> >> of traffic in and out for each protocol supported by argus.
> >>
> >>  Is there a simple way of doing this?  Currently I am 
> using trafd for  
> >> this and parsing the data file,  buth this is really 
> inneficient and  
> >> thus I would like to be able to do this with argus instead.
> >>
> >>  Thank in advance,
> >>  Andy
> >>  --
> >>
> >>
> 
> 
> -- 
> 
>

More information about the argus mailing list