[ARGUS] ra* performance

Carter Bullard carter at qosient.com
Mon May 10 12:54:54 EDT 2004


Hey Four,
If it doesn't appear to be eating any cycles while
ramon is just sitting there, it could be that you need
to run with the '-n' option, as you could be just sitting,
trying to resolve addresses into names.  Be sure and
put a .rarc file in your home directory to set the
variable for the ra* programs.

Don't wait for an entire day to process, you can do
incremental processing with minor impact on performance.
Here's an example.  If you're in /tmp and the daily data
is in /dir/data, try this type of call (assuming you
are using bash()):

 % cd /tmp
 % for i in /tmp/data/*; do
 > echo "$i";
 > ramon -M topn -r ramon.out "$i" -w tmp.out;
 > mv tmp.out ramon.out;
 > done

So, for each file in /tmp/data, run ramon() on each file,
reading ramon.out first, dump the output into tmp, and
then move tmp to ramon.out.  At any time you can
ra -r /tmp/ramon.out and see what it's doing.

Carter





-----Original Message-----
From: owner-argus-info at lists.andrew.cmu.edu
[mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of cleric at gwu.edu
Sent: Monday, May 10, 2004 12:37 PM
To: argus-info at lists.andrew.cmu.edu
Subject: [ARGUS] ra* performance

Hello All,

I'm a new Argus user and as such I am still learning the capabilities of
the software. I'm excited about the possibilities, but I have encountered
some performance issues that I hope you can help with.

I am running Argus on a dual Xeon 1.8 with 1 gig of ram. The argus daemon
capture performance seems to be great... using up only about 5-15% of the
cpu while it is running. I use the argusarchive script to rotate the
capture every 5 minutes. I am monitoring a link that runs between 25 and 50
mbit/sec on average. I am running linux 2.4...

The problem comes when I try to extract information from my archived *.gz
capture files using the various ra programs. If I try to go into the
archive directory for a single day's captures and run an ramon -M topn -r
*, for example, the command never completes (and I've let it run for
several hours once). Am I going about this the wrong way? Are there ways
to tweak the OS to improve performance? Do people have performance stats
that they could share? Right now what I am doing seems unusably slow...

Thanks!

Four





