[ARGUS] Re: Majordomo results: Re: Majordomo results

Peter Van Epp vanepp at sfu.ca
Tue Dec 14 14:58:23 EST 2004 

On Tue, Dec 14, 2004 at 08:38:51AM -0800, Alaios wrote:
> Hi... Nice programme really the argus :)
> 
> I have just install it an i am trying to calculate
> some results in my measures..
> I still face problems even though i have read all the
> documentation so plz help me
> 
> a)I exxecute the argus with the -w parameters because
> i want to keep everything in a file. The problem is
> that i don't know how to terminate the argus. If i
> send a term signal (ctrl+c) i think that the file gets
> corrupted? Is my statement correct or not?

	I don't think it gets corrupted (although the official way is a 
kill -HUP to stop argus completely). However you don't necessarily want to 
stop argus, just roll the log file. Assuming you start it with

argus_bpf -dJR -w argus.out

then 

mv argus.out argus.out.old

will cycle the log file. The current file will move to argus.out and the next
time there is data argus_bpf will recognize the file is gone and create a new
copy of argus.out to put its data in. 
	

> 
> b)After having the measurements i need to print out
> the jitter but still i can't find how... Any
> suggestion?

	Use the -s flag with ra (from the man page):


       -s <[-][[+[#]]field ...> -
           Specify the fields to print. Ra uses a default printing field list,
           by  specifying a field you can replace this list completely, or you
           can modify the existing default print list, using the optional  '-'
           and '+[#]' form of the command.  The available fields to print are:

              startime, lasttime, count, dur, avgdur,
              saddr, daddr, proto, sport, dport, ipid,
              stos, dtos, sttl, dttl, bytes, sbytes, dbytes,
              pkts, spkts, dpkts, load, loss, rate,
              srcid, ind, mac, dir, jitter, status, user,
              win, trans, seq, vlan, mpls

           Examles are:
              -s srcaddr    print only the source address.
              -s -bytes     removes the bytes field from list.
              -s +2srcid    adds MAC addresses as the 2nd field.
              -s mac pkts   prints MAC addresses and src and dst pkt counts.

so 

ra -r argus.out -nn -s +jitter 

should add the jitter output to the end of the display line.
	The next two I'll leave for Carter to comment on (I don't think so, but
I could be wrong :-)).

> 
> c)Can u give me plz a command that prints as many
> statistical information (e.x jitter,interarrival) to
> show to my boss what argus is able to do?
> 
> d)Can i dynamically view the jitter?
> 
> Thx a lot...
> Paleos Alex
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 



Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

More information about the argus mailing list