odd ra output with -Zb
Carter Bullard
carter at qosient.com
Thu Aug 10 10:03:43 EDT 2006
Hey Russell,
Your just truncating the status output string to 5 characters
(default size
of the status field). Try this to see if it doesn't help.
ra -r file -Zb -s -status +status:12
I'll make a change in the "-s " option so we can modify the
fields width in a simpler way than just removing the column
and adding it back with a different length specifier.
Carter
On Aug 9, 2006, at 5:22 PM, Russell Fulton wrote:
> HI Carter,
> using argus-clients-3.0.0.rc.23 and running ra with the -Zb (does
> anyone else use this option?) ra appears to display only the source
> flags.
>
> For these (but not all flows) the output for -Z(b|s|d) appear to be
> identical.
>
> Is this a 'clever' optimization where only one set of flags are
> displayed if the flags are symmetric.
>
> Apart from this and the memory issue with racluster argus 3.0 is
> running
> well on my busiest sensor.
>
> Cheers, Russell
>
> -Zb
>
>> 08:01:20.684427 r tcp 130.216.49.189.49226 -
>> > 141.211.14.25.993 20 16 1717
>> 4106 FSRPA
>> 08:01:23.525084 tcp 130.216.49.189.49227 -
>> > 141.211.14.25.993 20 19 1718
>> 7395 FSRPA
>> 08:01:26.637297 r tcp 130.216.49.189.49228 -
>> > 141.211.14.25.993 21 20 1794
>> 7291 FSRPA
>> 08:01:29.791700 tcp 130.216.49.189.49229 -
>> > 141.211.14.25.993 17 14 1479
>> 1764 FSRPA
>> 08:01:31.554709 tcp 130.216.49.189.49230 -
>> > 141.211.14.25.993 19 17 1665
>> 2223 FSRPA
>> 08:01:33.821605 tcp 130.216.49.189.49231 -
>> > 141.211.14.25.993 19 15 1666
>> 2031 FSRPA
>> 08:01:36.187044 tcp 130.216.49.189.49232 -
>> > 141.211.14.25.993 19 16 1664
>> 4355 FSRPA
>> 08:01:38.463524 r tcp 130.216.49.189.49233 -
>> > 141.211.14.25.993 24 23 1999
>> 14379 FSRPA
>> 08:01:41.797460 tcp 130.216.49.189.49234 -
>> > 141.211.14.25.993 19 15 1658
>> 2931 FSRPA
>> 08:01:44.193057 r tcp 130.216.49.189.49235 -
>> > 141.211.14.25.993 20 16 1715
>> 3726 FSRPA
>> 08:01:46.429550 tcp 130.216.49.189.49236 -
>> > 141.211.14.25.993 19 17 1653
>> 2940 FSRPA
>> 08:01:48.473256 tcp 130.216.49.189.49237 -
>> > 141.211.14.25.993 19 17 1657
>> 2917 FSRPA
>> 08:01:50.818629 tcp 130.216.49.189.49238 -
>> > 141.211.14.25.993 20 17 1719
>> 6071 FSRPA
>> 08:01:53.458966 r tcp 130.216.49.189.49239 -
>> > 141.211.14.25.993 21 19 1788
>> 8462 FSRPA
>> 08:01:56.583179 tcp 130.216.49.189.49240 -
>> > 141.211.14.25.993 19 15 1665
>> 2431 FSRPA
>> 08:01:58.680469 tcp 130.216.49.189.49241 -
>> > 141.211.14.25.993 19 15 1655
>> 2927 FSRPA
>> 08:02:00.766632 tcp 130.216.49.189.49242 -
>> > 141.211.14.25.993 19 17 1657
>> 2634 FSRPA
>> 08:02:02.921232 tcp 130.216.49.189.49246 -
>> > 141.211.14.25.993 17 14 1469
>> 1764 FSRPA
>> 08:02:04.690269 r tcp 130.216.49.189.49247 -
>> > 141.211.14.25.993 21 19 1788
>> 8211 FSRPA
>> 08:02:07.635353 tcp 130.216.49.189.49248 -
>> > 141.211.14.25.993 19 15 1654
>> 2442 FSRPA
>> 08:02:09.873538 tcp 130.216.49.189.49249 -
>> > 141.211.14.25.993 19 15 1650
>> 2133 FSRPA
>> 08:02:11.948114 tcp 130.216.49.189.49250 -
>> > 141.211.14.25.993 19 17 1649
>> 2213 FSRPA
>> 08:02:14.053730 tcp 130.216.49.189.49251 -
>> > 141.211.14.25.993 19 15 1659
>> 2195 FSRPA
>> 08:02:16.127153 r tcp 130.216.49.189.49252 -
>> > 141.211.14.25.993 22 22 1864
>> 13439 FSRPA
>> 08:02:19.837593 tcp 130.216.49.189.49253 -
>> > 141.211.14.25.993 19 17 1655
>> 2285 FSRPA
>> 08:02:22.151326 tcp 130.216.49.189.49254 -
>> > 141.211.14.25.993 19 15 1659
>> 2196 FSRPA
>
> -Zs
>
>> 08:01:20.684427 r tcp 130.216.49.189.49226 -
>> > 141.211.14.25.993 20 16 1717
>> 4106 FSRPA
>> 08:01:23.525084 tcp 130.216.49.189.49227 -
>> > 141.211.14.25.993 20 19 1718
>> 7395 FSRPA
>> 08:01:26.637297 r tcp 130.216.49.189.49228 -
>> > 141.211.14.25.993 21 20 1794
>> 7291 FSRPA
>> 08:01:29.791700 tcp 130.216.49.189.49229 -
>> > 141.211.14.25.993 17 14 1479
>> 1764 FSRPA
>> 08:01:31.554709 tcp 130.216.49.189.49230 -
>> > 141.211.14.25.993 19 17 1665
>> 2223 FSRPA
>> 08:01:33.821605 tcp 130.216.49.189.49231 -
>> > 141.211.14.25.993 19 15 1666
>> 2031 FSRPA
>> 08:01:36.187044 tcp 130.216.49.189.49232 -
>> > 141.211.14.25.993 19 16 1664
>> 4355 FSRPA
>> 08:01:38.463524 r tcp 130.216.49.189.49233 -
>> > 141.211.14.25.993 24 23 1999
>> 14379 FSRPA
>> 08:01:41.797460 tcp 130.216.49.189.49234 -
>> > 141.211.14.25.993 19 15 1658
>> 2931 FSRPA
>> 08:01:44.193057 r tcp 130.216.49.189.49235 -
>> > 141.211.14.25.993 20 16 1715
>> 3726 FSRPA
>> 08:01:46.429550 tcp 130.216.49.189.49236 -
>> > 141.211.14.25.993 19 17 1653
>> 2940 FSRPA
>> 08:01:48.473256 tcp 130.216.49.189.49237 -
>> > 141.211.14.25.993 19 17 1657
>> 2917 FSRPA
>> 08:01:50.818629 tcp 130.216.49.189.49238 -
>> > 141.211.14.25.993 20 17 1719
>> 6071 FSRPA
>> 08:01:53.458966 r tcp 130.216.49.189.49239 -
>> > 141.211.14.25.993 21 19 1788
>> 8462 FSRPA
>> 08:01:56.583179 tcp 130.216.49.189.49240 -
>> > 141.211.14.25.993 19 15 1665
>> 2431 FSRPA
>> 08:01:58.680469 tcp 130.216.49.189.49241 -
>> > 141.211.14.25.993 19 15 1655
>> 2927 FSRPA
>> 08:02:00.766632 tcp 130.216.49.189.49242 -
>> > 141.211.14.25.993 19 17 1657
>> 2634 FSRPA
>> 08:02:02.921232 tcp 130.216.49.189.49246 -
>> > 141.211.14.25.993 17 14 1469
>> 1764 FSRPA
>> 08:02:04.690269 r tcp 130.216.49.189.49247 -
>> > 141.211.14.25.993 21 19 1788
>> 8211 FSRPA
>> 08:02:07.635353 tcp 130.216.49.189.49248 -
>> > 141.211.14.25.993 19 15 1654
>> 2442 FSRPA
>> 08:02:09.873538 tcp 130.216.49.189.49249 -
>> > 141.211.14.25.993 19 15 1650
>> 2133 FSRPA
>
> -Zd
>
>> 08:01:20.684427 r tcp 130.216.49.189.49226 -
>> > 141.211.14.25.993 20 16 1717
>> 4106 FSRPA
>> 08:01:23.525084 tcp 130.216.49.189.49227 -
>> > 141.211.14.25.993 20 19 1718
>> 7395 FSRPA
>> 08:01:26.637297 r tcp 130.216.49.189.49228 -
>> > 141.211.14.25.993 21 20 1794
>> 7291 FSRPA
>> 08:01:29.791700 tcp 130.216.49.189.49229 -
>> > 141.211.14.25.993 17 14 1479
>> 1764 FSRPA
>> 08:01:31.554709 tcp 130.216.49.189.49230 -
>> > 141.211.14.25.993 19 17 1665
>> 2223 FSRPA
>> 08:01:33.821605 tcp 130.216.49.189.49231 -
>> > 141.211.14.25.993 19 15 1666
>> 2031 FSRPA
>> 08:01:36.187044 tcp 130.216.49.189.49232 -
>> > 141.211.14.25.993 19 16 1664
>> 4355 FSRPA
>> 08:01:38.463524 r tcp 130.216.49.189.49233 -
>> > 141.211.14.25.993 24 23 1999
>> 14379 FSRPA
>> 08:01:41.797460 tcp 130.216.49.189.49234 -
>> > 141.211.14.25.993 19 15 1658
>> 2931 FSRPA
>> 08:01:44.193057 r tcp 130.216.49.189.49235 -
>> > 141.211.14.25.993 20 16 1715
>> 3726 FSRPA
>> 08:01:46.429550 tcp 130.216.49.189.49236 -
>> > 141.211.14.25.993 19 17 1653
>> 2940 FSRPA
>> 08:01:48.473256 tcp 130.216.49.189.49237 -
>> > 141.211.14.25.993 19 17 1657
>> 2917 FSRPA
>> 08:01:50.818629 tcp 130.216.49.189.49238 -
>> > 141.211.14.25.993 20 17 1719
>> 6071 FSRPA
>> 08:01:53.458966 r tcp 130.216.49.189.49239 -
>> > 141.211.14.25.993 21 19 1788
>> 8462 FSRPA
>> 08:01:56.583179 tcp 130.216.49.189.49240 -
>> > 141.211.14.25.993 19 15 1665
>> 2431 FSRPA
>> 08:01:58.680469 tcp 130.216.49.189.49241 -
>> > 141.211.14.25.993 19 15 1655
>> 2927 FSRPA
>> 08:02:00.766632 tcp 130.216.49.189.49242 -
>> > 141.211.14.25.993 19 17 1657
>> 2634 FSRPA
>> 08:02:02.921232 tcp 130.216.49.189.49246 -
>> > 141.211.14.25.993 17 14 1469
>> 1764 FSRPA
>>
>
>
>
>
>
>
Carter Bullard
CEO/President
QoSient, LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20060810/6b14410a/attachment.html>
More information about the argus
mailing list