racount
Carter Bullard
carter at qosient.com
Fri Dec 7 14:40:40 EST 2007
The additional record is the initial management record that is in all files, but isn't printed out, by default.
We had a discussion, a long time ago, regarding these management records and if they should be counted. Seems we last decided that they should be counted?
Carter
Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax
-----Original Message-----
From: "CS Lee" <geek00l at gmail.com>
Date: Wed, 5 Dec 2007 12:09:57
To:Argus <argus-info at lists.andrew.cmu.edu>
Subject: [ARGUS] racount
Carter,
I want to know how many flow record for the ip transaction -
racount -r Book-1.arg3.bz2 - ip
racount records total_pkts src_pkts dst_pkts total_bytes src_bytes dst_bytes
sum 42205 1365727 630034 735693 978069190 246465274 731603916
ra -nr Book-1.arg3.bz2 - ip | wc -l
42204
I'm wondering why racount always has additional 1 record after I have tested in on other argus data too.
Thanks.
--
Best Regards,
CS Lee<geekooL[at]gmail.com>
http://geek00l.blogspot.com <http://geek00l.blogspot.com>
More information about the argus
mailing list