argus client default timestamp format
Carter Bullard
carter at qosient.com
Mon Jun 19 13:01:34 EDT 2006
Hey Eric,
Well, the -t option is already taken ;o).
So you can do most of these things, but not with the -t[t] style of
command line.
Do not print a timestamp (assuming that we're talking of default).
"-s -startime"
To print unformatted timestamp:
"-u"
To print day and month (or any format at all)
specify in a .rarc formated file the RA_TIME_FORMAT="string"
where string is a strftime() directive.
To print timestamp difference between packets
we support packet interval reporting but because
we are not a packet technology, you're not going to
get this one.
To print timestamp difference.
We haven't talked about supporting this before,
So we could support a new print field "rstartime"
and "rlasttime" for relative start time and relative lasttime.
This would be relative to the first record that is is the
file/stream.
BUT, we normally provide filter support for the basic keywords,
so would we also want filter support for the rstartime? Like,
- rstartime gt 5.45
How's that?
Carter
On Jun 19, 2006, at 12:49 PM, Eric Pancer wrote:
> On Mon, 2006-06-19 at 12:39:30 -0400, Carter Bullard wrote...
>
>> So the time format is an option, since you set the format in your
>> .rarc file, but not on the command line (we're already using so many
>> letters, just not enough options available). Tthe only
>> question is what should the default string be? Are we happy
>> with "%T" (this is the format specified by the routine strftime()),
>> or do we want the date?
>
> Hi Carter -
>
> Could you follow what tcpdump does?
>
> "
> -t Do not print a timestamp on each dump line.
>
> -tt Print an unformatted timestamp on each dump line.
>
> -ttt Print day and month in timestamp.
>
> -tttt Print timestamp difference between packets.
>
> -ttttt Print timestamp difference since the first packet.
> "
>
More information about the argus
mailing list