Problems extracting time-specific records
Andrew Pollock
andrew-argus at andrew.net.au
Mon Jan 6 21:30:23 EST 2003
Hi,
I'm using the 2.0.6.beta.37 clients, and I've got an argus log that
contains data between:
startime: 2003-01-06 06:25:08.287736
endtime: 2003-01-07 06:26:11.708660
(Debian rotates its logs at 6:25am) and I want to extract all the records
from 2003-01-06.
I invoke ra thusly:
ra -w - -r argus.log.1 -t 01/06 | racount
and am told that the resulting number of records is 925, which is way too
low.
If I do this:
ra -F /tmp/ra.conf -r argus.log.1 | cut -d',' -f1,2 | grep "06-01-03" | wc -l
(ra.conf is setting the date format to be dd-mm-yy and using commas as
delimiters)
I get 2845662 lines back, which is a bit more like the number of records
I'd expect to get back. I can do other visual inspections of the ASCII
output, and I'm certainly not seeing records from the 6th of January when
I use the -t option, but they are there if I look at the entire file.
Have I found a bug?
Andrew