How Do I Filter The Data so just the totals for each ip are shown?

Andy andy at quadrant.net
Mon May 13 13:41:54 EDT 2002 

No I don't think that I am.  I compiled the latest from

ftp://qosient.com/dev/argus-2.0/argus-2.0.5.tar.gz

Made it and installed it again just a few seconds ago after applying 
the patches to get it to work on Mac Os X and still the same errors. 
I looked at the creation dates of these executables and they are all 
current.

ramon -h
Ramon Version 2.0.5
usage: ramon -M mode [-N num]
usage: ramon -M mode [-N num] [ra-options] [- filter-expression]
options:    -M <mode>      specify the rmon function. possible <modes> are:
                               TopN, Matrix
             -N <number>    specify the top <number> of entries to print (all).
ra-options: -a             print record summaries on termination.
             -A             print application bytes.
             -b             dump packet-matching code.
             -c             print packet and byte counts.
             -C             treat the remote source as a Cisco Netflow source.
             -D <level>     specify debug level
             -F <conffile>  read configuration from <conffile>.
             -g             print record time duration.
             -G             print both start and last time values.
             -h             print help.
             -I             print transaction state and option indicators.
             -l             print last time values [default is start time].
             -n             don't convert numbers to names.
             -p <digits>    print fractional time with <digits> precision.
             -P <portnum>   specify remote argus <portnum> (tcp/561).
             -r <file>      read argus data <file>. '-' denotes stdin.
             -S <host>      specify remote argus <host>.
             -t <timerange> specify <timerange> for reading records.
                   format:  timeSpecification[-timeSpecification]
                            timeSpecification: [mm/dd[/yy].]hh[:mm[:ss]]
                                                mm/dd[/yy]
             -T <secs>      attach to remote server for T seconds.
             -u             print time in Unix time format.
             -w <file>      write output to <file>. '-' denotes stdout.
andyscomputer:/var/log/argus% ramon -r argus.out -M topn
ramon: RaCreatePolicyEntry: format error
andyscomputer:/var/log/argus% ramon -r argus.out -M TopN
ramon: RaCreatePolicyEntry: format error


All of the other utilities are working fine and reading the data file 
perfectly.

Andy




>Your running old code.
>
>  > -----Original Message-----
>>  From: owner-argus-info at lists.andrew.cmu.edu
>>  [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Andy
>>  Sent: Monday, May 13, 2002 1:12 PM
>  > To: argus-info at lists.andrew.cmu.edu
>>  Subject: RE: How Do I Filter The Data so just the totals for
>  > each ip are shown?
>  >
>>
>>  I keep getting this error when trying to do the commands suggested:
>>
>>  ramon -M topn -r argus.out -w -
>>  ramon: RaCreatePolicyEntry: format error
>>
>>
>>  ramon -M topn -r argus.out
>>  ramon: RaCreatePolicyEntry: format error
>>
>>  What is happening?
>>
>>  Does this have anything to do with function RaParseCIDRAddr() that is
>>  found in ragator.c, rahistogram.c and ramon.c that is not
>>  standardized??  I found a similar problem in your archives that was
>>  occuring on Solaris machines.  I have attached a copy at the end of
>>  this email for reference.
>>
>>  BTW the mode 'srv' is not supported.
>>
>>  Andy
>>
>>
>>  --------------
>>
>>
>>
>>  With argus 2.0.0 and 2.0.2.beta.1 on Solaris 8 Intel edition,
>>  I'm having problems with ramon.
>>
>>  bin/ramon -M Matrix -r /local/argus/data
>>  ramon: RaCreatePolicyEntry: format error
>>
>>  This is related to RaParseCIDRAddr() for the 255.255.255.255
>>  addresses. It is getting into argus_nametoaddr() which is returning 0.
>>  gethostbyname("255.255.255.255") on Linux and FreeBSD
>>  machines are generating a valid return structure, but Solaris doesn't.
>>
>>  #0  RaParseCIDRAddr (str=0x804620f "255.255.255.255") at
>  > ./ramon.c:1681 #1  0x8058d39 in RaParsePolicyEntry (
>>       str=0x8172198 "Model    200   255.255.255.255     255.255.255.255
>>
>>  no      no       no") at ./ramon.c:1751
>>  #2  0x8059282 in RaCreatePolicyEntry (
>>       str=0x8172198 "Model    200   255.255.255.255     255.255.255.255
>>
>>  no      no       no") at ./ramon.c:1914
>>  #3  0x805937f in RaReadFlowModelFile (model=0x80875e0) at
>>  ./ramon.c:1961 #4  0x8055d13 in ArgusClientInit () at
>>  ./ramon.c:120 #5  0x805af49 in main (argc=5, argv=0x8047648)
>>  at ./argus_parse.c:505
>>
>>  Dropping the RaParseCIDRAddr() that is found in
>>  clients/ragator.c into clients/ramon.c gets through the
>>  RaCreatePolicyEntry() routine and generates output that seems
>>  reasonable.
>>  -----------
>>
>>
>>
>>  Hey Michael,
>>      Thanks!  Yes, I'll clean up the 2.0.2 stuff so that they
>>  are all using the same routines.  The new argus-clients
>>  package has all of these routines standardized and
>>  consolidated in a single library.
>>
>>  Could you try it out, to see if its doing the right thing?
>>  ftp://qosient.com/dev/argus-2.0/argus-clients-2.0.1.alpha.4.tar.gz
>>
>>  Carter
>>
>>  ------------
>>
>>
>>
>>
>>
>>  >Hey Andy,
>>  >    You don't need to filter argus traffic to do this,
>>  >you just need to use either ragator() or ramon().  From
>>  >the new distribution
>  > ftp://qosient.com/dev/argus-2.0/argus-2.0.5.tar.gz
>>  >try:
>>  >    ramon -M topn -r argusfile
>>  >    ramon -M srv -r argusfile
>>  >
>>  >This should give you some of what you want. Once you try
>>  these and find
>>  >out what's missing, send mail and we can see how to improve
>>  >ramon() to do what you want.
>>  >
>>  >Carter
>>  >
>>  >Carter Bullard
>>  >QoSient, LLC
>>  >300 E. 56th Street, Suite 18K
>>  >New York, New York  10022
>>  >
>>  >carter at qosient.com
>>  >Phone +1 212 588-9133
>>  >Fax   +1 212 588-9134
>>  >http://qosient.com
>>  >
>>  >  
>>  >
>>  >>  -----Original Message-----
>>  >>  From: owner-argus-info at lists.andrew.cmu.edu
>>  >>  [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Andy
>>  >>  Sent: Monday, May 13, 2002 12:30 PM
>>  >>  To: argus-info at lists.andrew.cmu.edu
>>  >>  Subject: How Do I Filter The Data so just the totals for each  ip
>>  >> are shown?
>>  >>
>>  >>
>>  >>  I hope this question is appropriate here.
>>  >>
>>  >>
>>  >>  I am new to argus and thus need some help with filtering.
>>   What I 
>>  >> want to do is filter out the data from argus so that I can
>>  get each 
>>  >> IP's total traffic at any given time.  Here is an example
>>  of what I 
>>  >> want.
>>  >>
>>  >>  IpAddress	Protocol	IN Traffic (bytes) OUT Traffic(bytes)
>>  >>  10.0.0.4		ICMP	4000		2300
>>  >>  207.192.2.4	TCP	1.2Gb		1Gb
>>  >>  xx.xx.xx.xx	UDP	2Gb		4Gb
>>  >>  etc...
>>  >>
>>  >>
>>  >>  So for each IP at time Y I would like a summary of the
>>  total amount 
>>  >> of traffic in and out for each protocol supported by argus.
>>  >>
>>  >>  Is there a simple way of doing this?  Currently I am
>>  using trafd for 
>>  >> this and parsing the data file,  buth this is really
>>  inneficient and 
>>  >> thus I would like to be able to do this with argus instead.
>>  >>
>>  >>  Thank in advance,
>>  >>  Andy
>>  >>  --
>>  >>
>>  >>
>>
>>
>>  --
>>
>>


--

More information about the argus mailing list