racount not accepting variables in shell script?

Nyuk Loong Kiw Kiw at safecom.co.nz
Thu Mar 23 00:57:11 EST 2006


Thanks Carter,

After spending more time on it, I realised that packet-dump-$DATE_*.arg
is actually matching all log files in that directory (instead of just
today's log file), to fix it all I have to do is get rid of the
underscore and change it from packet-dump-$DATE_*.arg to
packet-dump-$DATE*.arg .

Thanks again for your quick response.


kiw

-----Original Message-----
From: Carter Bullard [mailto:carter at qosient.com] 
Sent: Thursday, March 23, 2006 5:00 PM
To: Nyuk Loong Kiw
Cc: argus-info at lists.andrew.cmu.edu
Subject: Re: [ARGUS] racount not accepting variables in shell script?

Hey Kiw,
   So what is the format of the file name in /var/argus/log?   One way 
to debug
your script is to print out the '/var/argus/log/packet-dump-$DATE_*.arg"

to see
what files racount is using for input, and how that maps to the files in
/var/argus/log.

Carter


Nyuk Loong Kiw wrote:

>Hi,
> 
>I am trying to setup a cron job to generate daily traffic usage report 
>etc. What i realised is the total_bytes will just keep incrementing 
>everyday. My script look soemthing like this:
> 
>-----------------------------------------------------------------------
>-
>----------------------
>DATE=$(date +%Y-%m-%d)
>
>echo
>"######################################################################
># ##" > /var/argus/reports/TotalTraffic/TT-$DATE
>echo "#"TOTAL Traffic for all networks >> 
>/var/argus/reports/TotalTraffic/TT-$DATE
>echo
>"######################################################################
># ##" >> /var/argus/reports/TotalTraffic/TT-$DATE
>echo "" >> /var/argus/reports/TotalTraffic/TT-$DATE
>/usr/local/bin/racount -L0 -r /var/argus/log/packet-dump-$DATE_*.arg >>

>/var/argus/reports/TotalTraffic/TT-$DATE
>echo "" >> /var/argus/reports/TotalTraffic/TT-$DATE
>-----------------------------------------------------------------------
>-
>-----------------------
>
>What looks like happening is the $DATE variable isn't passed to racount

>properly (ie racount is actually counting total_bytes of all log files 
>in the /var/argus/log instead of just log files for that particular 
>day).
>
>Eg let say the DATE variable has a value of 2006-03-21
>
>Result for /usr/local/bin/racount -L0 -r 
>/var/argus/log/packet-dump-$DATE_*.arg >> 
>/var/argus/reports/TotalTraffic/TT-$DATE is :
>
>racount    records       total_pkts         src_pkts         dst_pkts
>total_bytes        src_bytes        dst_bytes
>    sum   22412761        630445145        331301236        299143909
>326612253380     128178277503     198433975877
>
>
>If I replace $DATE with 2006-03-21, eg /usr/local/bin/racount -L0 -r 
>/var/argus/log/packet-dump-2006-03-21_*.arg >> 
>/var/argus/reports/TotalTraffic/TT-$DATE , I get a different result:
>
>racount    records       total_pkts         src_pkts         dst_pkts
>total_bytes        src_bytes        dst_bytes
>    sum   11217404        346379902        179915579        166464323
>187187102441      71521495695     115665606746
>
>
>I am pretty new in shell scripting etc. Have I done something wrong? Is

>this a known problem? I did a search in the argus achived mailing list 
>and can't seem to find anything related.
>
>
>Thanks
>
>
>Kiw
> 
> 
> 
>#######################################################################
>##############
>Important: This electronic message and attachments (if any) are 
>confidential and may be legally privileged. If you are not the intended

>recipient do not copy, disclose or use the contents in any way. Please 
>let us know by return e-mail immediately and then destroy this message.
>#######################################################################
>##############
>
>  
>

#####################################################################################
Important: This electronic message and attachments (if any) are confidential
and may be legally privileged. If you are not the intended recipient do not
copy, disclose or use the contents in any way. Please let us know by return
e-mail immediately and then destroy this message.
#####################################################################################



More information about the argus mailing list