racount 3.0.0.rc.34
Carter Bullard
carter at qosient.com
Fri Nov 17 11:11:14 EST 2006

Philipp,

I was wondering why you were using racluster() syntax with racount(),
and then I realized that I put a racluster() example in the racount()
man page, so I apologize. I have fixed this.

racount() does not support the -a option (this option requires a
parameter when used by programs like rabins() and rasplit()).

racount() does not support the "-M" option, so there are no
option modes for racount().

Use racluster() to generate the counts you are looking for:

    racluster -m proto -r file -s proto spkts dpkts sbytes dbytes

Of course, specify the columns of your choice; the ones above are
just suggestions.

Carter

On Nov 17, 2006, at 1:38 AM, Philipp E. Letschert wrote:
> racount -r <file> works
>
> racount -a -r <file> doesn't
>
> kirk at wendy:~/Desktop/argus-clients-3.0.0.rc.34/bin$ ./racount -r /var/log/argus/argus.log
> racount records total_pkts src_pkts dst_pkts total_bytes src_bytes dst_bytes
> sum 742 31547 17548 13999 11952883 1476926 10475957
>
> kirk at wendy:~/Desktop/argus-clients-3.0.0.rc.34/bin$ ./racount -a -r /var/log/argus/argus.log
> racount[3094]: 11-17-06 07:32:56.512474 /var/log/argus/argus.log filter syntax error
> racount records total_pkts src_pkts dst_pkts total_bytes src_bytes dst_bytes
> sum 0 0 0 0 0 0 0
>
> racount -M proto -r <file> which should give the same output as
> racount -a (as suggested in the racount man page) has no effect.