Problems extracting time-specific records

Carter Bullard carter at qosient.com
Tue Jan 7 08:40:12 EST 2003


Hey Andrew,
   Well it definitely seems that it's not returning
what you expect it to.  One way to test is to see what
an explicit range for the whole day would return.

   ra -w - -r argus.log.1 -t 01/06-01/07 | racount

If we get a discrepancy, then we may have a bug.

Carter


   

> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Andrew Pollock
> Sent: Monday, January 06, 2003 9:30 PM
> To: argus-info at lists.andrew.cmu.edu
> Subject: Problems extracting time-specific records
> 
> 
> Hi,
> 
> I'm using the 2.0.6.beta.37 clients, and I've got an argus log that 
> contains data between:
> 
> startime: 2003-01-06 06:25:08.287736
> endtime:  2003-01-07 06:26:11.708660
> 
> (Debian rotates its logs at 6:25am) and I want to extract all the records
> from 2003-01-06
> 
> I invoke ra thusly: 
> 
> ra -w - -r argus.log.1 -t 01/06 | racount
> and am told that the resulting number of records is 925, which is way too
> low.
> 
> If I do this:
> 
> ra -F /tmp/ra.conf -r argus.log.1 | cut -d',' -f1,2 | grep "06-01-03" | wc -l
> 
> (ra.conf is setting the date format to be dd-mm-yy and using commas as
> delimiters)
> 
> I get 2845662 lines back, which is a bit more like the number of records
> I'd expect to get back. I can do other visual inspections of the ASCII
> output, and I'm certainly not seeing records from the 6th of January when
> I use the -t option, but they are there if I look at the entire file.
> 
> Have I found a bug?
> 
> Andrew
> 


