utilization by time problem

[Carter Bullard]

Hey P,
When it comes to using ramon() and filters, I would
recommend that you NOT, instead, use ra() as a preprocessor.
ramon() is doing rather weird things with the records
and filters don't do what you would expect.  Try this
instead:

ra -t 2003/12/10.15:09 -r /var/log/blah -w - - tcp and not net 172 | ramon
-M TopN

This should give you better results.

You may want to use a modified argusarchive()
running out of cron to generate your per minute
reports.  Take a look at how it runs, and see if
you can't take advantage of its argus output file
processing strategy.

Carter





-----Original Message-----
From: owner-argus-info at lists.andrew.cmu.edu
[mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of none none
Sent: Wednesday, December 10, 2003 5:36 PM
To: argus-info at lists.andrew.cmu.edu
Subject: utilization by time problem


Hi, I would like to use Argus to monitor traffic
utilization in 1 minute intervals by using ramon on an
argus output file. The problem I have is that
utilization info is returned about data collected
since the time argus was started, not just for the
minute window in time I specify. I used this line to
grab the traffic.

ramon -t  -M TopN -r /var/log/blah -
tcp and not net 172

I have also tried filtering with ragator and passing
the results to ramon with the same result. Is there
another way for me to accomplish this task?

Ultimately, I am going to run a script every minute
that will run an ramon command and find sources that
are generating bytes over a certain limit within that
minute.

I appreciate any help.
Thanks,
-P

p.s. argus -S is set to 20





__________________________________
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.
http://photos.yahoo.com/