argus-3.0 status - looking much better

[Carter Bullard]

Hey Robin,
    Several things.  The "-a" option, should be '-A'.   The -a option  
requires
a parameter (that's why you're getting a filter error), and the -A  
option doesn't
so its more appropriate as a simple flag.   Now, of course the  
documentation
and the code have to be updated to support that, so, currently the -A  
option
doesn't work.   I'll update the man pages and put the code back.

    Ragraph.  This is an rrd error, so its possible that rrd.pm has  
changed?
What version of rrdtool are you using?   I'm using rrdtool-1.2.13.

    The default timestamp for argus-2.0 was "%d %b %y %T", which causes
column parsing problems, as our default field separator is a space.   
argus-3.0
is using "%T", and if the precision is set to > 0, we'll put the  
fractional part
of the time (recommended).   I took out the date part, because the  
column
gets  big really fast, but that may take away from the utility tooooo  
much.

    So how about "%Y/%m/%d.%T" as the default?

Carter


On Jun 19, 2006, at 3:41 AM, Robin Gruyters wrote:

> Hello Carter,
>
> Here are my (open) issues with argus-clients 3.0:
>
> - racount with option -a not working:
>   I still get a "filter syntax error" when using the -a option.
>
> - ragraph not working:
>   When executing the following command "ragraph bytes dport -M 5m - 
> r /data1/argus/argus.radium-20060619" I get the following message:
>   /usr/local/bin/ragraph: unable to update `/var/tmp/tmp. 
> 0.ak23NK.rrd': Not enough arguments
>
> racluster and ratop works fine.
>
> Also noticed that the timestamp has changed with argus 3.0. Before  
> with argus* 2.0.6 it shows you the date and time, but now I only  
> see the time.
>
> [argus 2.0.6]
> 19 Jun 06 09:33:09           icmp   82.148.219.XX   ->   
> XX.XXX.XXX.XXX  3        210          URP
> [end argus 2.0.6]
>
> [argus 3.0.0.rc.*]
> 09:36:46.238770            icmp       XXX.XXX.X.XX 7         - 
> >           10.8.0.2 113           1         98   ECR
> [end argus 3.0.0.rc.*]
>
> That is it. (for the moment)
>
> Regards,
>
> Robin Gruyters
> Network and Security Engineer
> Yirdis B.V.
> I: http://yirdis.com
> P: +31 (0)36 5300394
> F: +31 (0)36 5489119
>
> Quoting Carter Bullard <carter at qosient.com>:
>
>> Gentle people,
>> Argus-3.0 is getting close to being compilable on all supported  
>> platforms
>> hopefully without warnings out of the box.   The next step will  
>> be  to validate
>> that we've got good 2.0 -> 3.0 backward compatibility, which so  
>> far, looks
>> very good.   By compatibility, we should be able to read argus-2.0  
>> data, and
>> we should get the same results, (with a few minor exceptions).
>>
>> Currently, if you read 2.0 data and convert it to 3.0 format  
>> (which all the
>> programs will do), you will get smaller files, as we are being  
>> much more
>> efficient with how we represent data structures and values.    
>> Possibly up
>> to 20% reduction.
>>
>> So far, all the clients should be working with both 2.0 and 3.0 data.
>> Of particular interest should be ratop() as there are huge  
>> improvements
>> on its function, etc....   ragraph() is also much better, and  
>> hopefully
>> some people, will run it  and give some comments.
>>
>> Default behaviors should be the same, so if we need to change the
>> default printing behavior of ra* programs, or we need to change a
>> column width, or whatever, getting that addressed would be great.
>> All I need is a note saying this is inconsistent, etc.....
>>
>> After this step, its on to documentation (which I'll start  
>> patching on
>> monday with the suggested man patches to date), especially
>> the documentation for the new programs, racluster() and rasplit().
>>
>> Thanks for all the efforts, and looks like we're on our way to an
>> official release maybe in the next few weeks!!!!!!
>>
>> Hope all is excellent,
>>
>> Carter
>
>

Carter Bullard
CEO/President
QoSient, LLC
150 E. 57th Street Suite 12D
New York, New York 10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax