The double-counting saga
Carter Bullard
carter at qosient.com
Mon Mar 31 23:50:56 EST 2003
So are you getting two duplicate records or are you getting
records with 2x counts? The duplicate records are easy
to remove, we could write a simple client to
adjust the counts and bytes.
Carter
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of
> Andrew Pollock
> Sent: Monday, March 31, 2003 11:45 PM
> To: argus-info at lists.andrew.cmu.edu
> Subject: The double-counting saga
>
>
> Sigh.
>
> We have gotten to the bottom of the problem, it would seem.
>
> The problem would appear to be specific to Debian's Argus
> implementation
> (predating my maintenance of the packages) whereby the
> /etc/init.d/argus
> script is invoking Argus with a -F /etc/argus.conf, but Argus is also
> compiled with /etc/argus.conf as it's config file, so it's essentially
> reading the configuration twice, once implicitly and once explicitly,
> hence it opens the specified interface twice, and counts
> everything twice.
>
> Is there an easy way to remove duplicates from existing Argus logs?
>
> Andrew
>
More information about the argus
mailing list