starttime differences between Argus2 and Argus3
Dietmar Goldbeck
goldbeck at e-trend.de
Mon Jul 10 13:32:30 EDT 2006
On Mon, Jul 10, 2006 at 10:52:05AM -0400, Carter Bullard wrote:
> Hey Dietmar,
> Very interesting. I suspect that these are the last timestamps,
> rather than the starting timestamps. Can you print out both
> for comparison?
>
> ra -s stime ltime
>
Hi Carter,
this is not the case; here is one example:
pinguin:~# racluster -z -n -s stime ltime proto saddr sport daddr dport -r /var/argus/ippp0/2006/2006-07/2006-07-10/argus_ippp0_20060710_074504.log.gz - port 993
07-10-06 07:53:28.250509 07-10-06 07:53:58.883068 tcp 212.8.203.2.58433 62.214.112.140.993
pinguin:~# racluster -z -n -s stime ltime proto saddr sport daddr dport -r /var/argus3/ippp0/2006/2006-07/2006-07-10/argus_ippp0_20060710_074505.log.gz - port 993
07-10-06 07:53:25.252063 07-10-06 07:53:58.883068 tcp 212.8.203.2.58433 62.214.112.140.993
> If this is not the issue, can you share some data so I can
> debug?
I'll send you the two logfiles in private mail.
Ciao
Dietmar
--
Alles Gute / best wishes
Dietmar Goldbeck E-Mail: dietmar.goldbeck at schotterweg.de
Reporter (to Mahatma Gandhi): Mr Gandhi, what do you think of Western
Civilization? Gandhi: I think it would be a good idea.
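
Added example, not part of the original message or of the Argus tools: a small Python script that parses `-s stime ltime proto saddr sport daddr dport` output like the two lines quoted above and reports the per-flow start-time and last-time differences between the two captures. The function names and the seven-token line layout are assumptions taken from the output as it appears in this post.

```python
from datetime import datetime

TS_FMT = "%m-%d-%y %H:%M:%S.%f"   # date/time layout seen in the quoted output

# The two output lines copied from the message above (Argus2, then Argus3).
ARGUS2_OUT = ("07-10-06 07:53:28.250509 07-10-06 07:53:58.883068 "
              "tcp 212.8.203.2.58433 62.214.112.140.993")
ARGUS3_OUT = ("07-10-06 07:53:25.252063 07-10-06 07:53:58.883068 "
              "tcp 212.8.203.2.58433 62.214.112.140.993")

def parse_flows(text):
    """Map (proto, src.port, dst.port) -> (stime, ltime) for each record line."""
    flows = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) != 7:          # skip prompts, blank lines, other output
            continue
        try:
            stime = datetime.strptime(" ".join(tok[0:2]), TS_FMT)
            ltime = datetime.strptime(" ".join(tok[2:4]), TS_FMT)
        except ValueError:         # not a timestamped record
            continue
        key = tuple(tok[4:7])
        if key in flows:           # same flow listed twice: widen the interval
            prev_s, prev_l = flows[key]
            stime, ltime = min(prev_s, stime), max(prev_l, ltime)
        flows[key] = (stime, ltime)
    return flows

def compare(a_text, b_text):
    """Return ({flow: (stime_delta_s, ltime_delta_s)}, only_in_a, only_in_b).

    Deltas are a minus b, in seconds.
    """
    a, b = parse_flows(a_text), parse_flows(b_text)
    deltas = {}
    for key in sorted(a.keys() & b.keys()):
        d_stime = (a[key][0] - b[key][0]).total_seconds()
        d_ltime = (a[key][1] - b[key][1]).total_seconds()
        deltas[key] = (d_stime, d_ltime)
    return deltas, sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys())

if __name__ == "__main__":
    deltas, only_a, only_b = compare(ARGUS2_OUT, ARGUS3_OUT)
    for flow, (ds, dl) in deltas.items():
        print(" ".join(flow), f"stime delta={ds:+.6f}s ltime delta={dl:+.6f}s")
```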