argus-clients-3.0.0.rc.18

Carter Bullard carter at qosient.com
Wed Jul 12 23:23:22 EDT 2006


Peter,
Give this patch a try to fix the loss stats when argus-3.0 writes
and ra.3 is used to print.  I still have to work on the ra.3 reading
argus-2.x data for loss reporting.  I'm headed on the road
tomorrow morning, and won't be back until late Fri, so this may
be the last update for this week.

Carter


On Jul 12, 2006, at 10:40 PM, Peter Van Epp wrote:

> On Wed, Jul 12, 2006 at 05:31:10PM -0400, Carter Bullard wrote:
>> Hey Peter,
>> Found the dst winshift problem and the icmp status field missing
>> problem, and fixed.
>>
>> Is it possible to get some sample records for debugging?
>> If you could grab one or two of the records that have loss problems,
>> and the "decr" record (something seems screwy with that one).
>>
>> Carter
>>
>
> 	Here is the first loss one:
>
> %argus_bpf -r loss1.tcp -w loss1.argus
>
> %./ra_test.pl loss1.argus
> dloss 66.6667 0
>
> line: 1 fields in error: dloss,dir,
> 1151432499.171267,1151432508.137393,1,8.966126,8.966126,142.58.215.98, 
> 142.58.103.20,tcp, 
> 4401,139,0,0,128,126,66,198,1,3,58.89,176.66,0.11,0.33,0.0000,66.6667, 
> 3848370891,qd,0:11:43:c1:b3:3f,0:11:88:5:5d:1d,<-,,,ACC,,, 
> 0,17316,1,,,0x80d7,0x00d7,0x81fd
> 1151432499.171267,1151432508.137393,1,8.966126,8.966126,142.58.215.98, 
> 142.58.103.20,tcp, 
> 4401,139,0,0,128,126,66,198,1,3,58.888,176.665,0.112,0.335,0,0,229.97. 
> 122.203, vd      ,0:11:43:c1:b3:3f,0:11:88:5:5d:1d,->,,,ACC,,, 
> 0,17316,1,,,0x80d7,0x00d7,0x81fd,0x81fd
>
> sport v2.0 0
> dport 0 198
> dloss 3848370891
> state  SHT
> dwin 0
>
> line: 2 fields in error: sbytes,state,dport,trans,seq,dtos,dwin,dloss,sttl,daddr,dttl,saddr,dbytes,sport,stos,
> 1152758496.753201,1152758496.764703,,0.011502,0.011502,229.97.122.203, 
> 2,man,v2.0,0,0,0,0,0,264,1,4,0,-0.00,-0.00,-0.00,0.00,,3848370891,,,,, 
> ,,SHT,,,,,0,,,,,
> 1152758496.753201,1152758496.764703, ,0.011502,,3,0,man, 
> 0,198,,,,,0,0,4,0,0.000,0.000,0.000,0.000,,,129.253.0.126,         ,,, 
> ,,,SHT,,,,,2,,,,,,
>
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
> <loss1.tcp>
> <loss1.argus>



