new argus and argus-clients code available
Robin Gruyters
r.gruyters at yirdis.nl
Wed Jun 14 03:20:26 EDT 2006
Hello,
Tested the racount on a copy of last month data, and this whats happens:
[...]
# racount -ar /data2/argus/05/*/*
racount[55289]: syslog: unknown facility/priority: 302f7375
racount[55289]: 09:04:44.789405
/data2/argus/05/01/argus.2006.05.01.00.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.01.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.02.00.01.bz2
/data2/argus/05/01/argus.2006.05.01.03.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.04.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.05.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.06.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.07.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.08.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.09.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.10.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.11.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.12.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.13.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.14.00.01.bz2
/data2/argus/05/01/argus.2006.05.01.15.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.16.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.17.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.18.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.19.00.00.bz2 /data2/argu
Segmentation fault (core dumped)
[...]
The archived data is from argus-2.0.6.
If I remove the "-a" option, it works fine. Also tested with "ra" tool:
[...]
# ra -ar /data2/argus/05/*/*
ra[57228]: syslog: unknown facility/priority: 302f7375
ra[57228]: 09:10:36.838177
/data2/argus/05/01/argus.2006.05.01.00.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.01.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.02.00.01.bz2
/data2/argus/05/01/argus.2006.05.01.03.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.04.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.05.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.06.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.07.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.08.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.09.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.10.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.11.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.12.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.13.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.14.00.01.bz2
/data2/argus/05/01/argus.2006.05.01.15.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.16.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.17.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.18.00.00.bz2
/data2/argus/05/01/argus.2006.05.01.19.00.00.bz2 /data2/argus/05/
Segmentation fault (core dumped)
[...]
Also the output from racount isn't correct! (does not match with the
current racount from 2.0.6)
[old racount from 2.0.6]
# racount -r /data2/argus/archive/05/*/* - net 82.148.219.xxx/28
racount records total_pkts src_pkts dst_pkts
total_bytes src_bytes dst_bytes
sum 1800024 85963657 35640845 50322812
59584466433 8453613521 51130852912
[end]
[new racount from 3.0.0-rc.8]
# racount -r /data2/argus/05/*/* - net 82.148.219.xxx/28
racount records total_pkts src_pkts dst_pkts
total_bytes src_bytes dst_bytes
sum 1800947 0 85965236 0
35641713 0 50323523
[end]
The total_pkts, dst_pkts and src_bytes are 0 (=zero).
Regards,
Robin
Quoting Carter Bullard <carter at qosient.com>:
> Gentle people,
> New code on the server. It doesn't fix everything (radium problem
> not addressed) but porting issues should be addressed, and
> argus-2.0 backward compatibility is working again. Please
> give this new a code a run down.
>
> ftp://qosient.com/dev/argus-3.0
>
> Thanks!!!!
> Carter
More information about the argus
mailing list