question about ra -s flag
Nick Giordano
ngiordano at mitre.org
Tue Jan 25 11:34:12 EST 2005
I seem to be getting inconsistent results depending on what I give to
the -s flag of ra (Ra Version 2.0.6.fixes.1). Some of the results have
a ',' prepended and others do not.
My rarc file is:

    RA_FIELD_DELIMITER=','
    RA_PRINT_UNIX_TIME=yes

ra -s rate -r out/jan_19_out gives

    ...
    ,18.08,14.47
    ,20.05,16.04
    ,0.00,0.00
    ,39.05,22.80
    ...

while

ra -s spkts -r out/jan_19_out gives

    ...
    14
    1
    1
    2
    1
    30
    ...

And speaking of the 'rate' field, what do the two values mean?

Additionally, what is the second field of an ra query with no options?

    /data/beancounter $ ra -r out/jan_19_out
    1106110724,,udp,xxx.xxx.xxx.xxx,1948,->,xxx.xxx.xxx.xxx,1948,1,0,478,0,INT
    1106110680,I,udp,xxx.xxx.xxx.xxx,->,xxx.xxx.xxx.xxx,netbi,6,0,1842,0,INT
Also, the -A flag will give byte counts of application data instead of
total byte size. Is there any possibility of this being added as a field
option so we could have total bytes and application bytes on the same
output line?
Thanks,
Nick