problem experienced with ra client: unequal results

real.melancon at videotron.ca real.melancon at videotron.ca
Thu Jul 5 08:50:27 EDT 2007


Hi Carter.

I think I also see a problem with rasort (or racluster), but I am not sure. For example:

#> /usr/local/bin/racluster -m matrix -r /var/log/argus/archive/2007/06/30/argus.2007.06.30.15.00.01.gz -N 2
	e           ip        x.5.72.x           ->        x.6.163.x               1        0           62            0   INT
	e           ip        x.5.72.x           ->         x.6.166.x               1        0           62            0   INT

but "piping" to rasort fails:

/usr/local/bin/racluster -m matrix -r /var/log/argus/archive/2007/06/30/argus.2007.06.30.15.00.01.gz -w - | rasort -m bytes -N 2
rasort[12302]: 16:55:13.013960 ArgusGenerateRecord: time format incorrect:4

Obviously, I can see there is no time in front or record, but why ? Is there any workaround for this ? 

FYI. We are running Debian Linux ("etch") with 32bits kernel:

#> uname -a
Linux GVAARGUS1 2.6.18-4-686 #1 SMP Mon Mar 26 17:17:36 UTC 2007 i686 GNU/Linux 
It's running on "Intel(R) Core(TM)2 CPU" with 1 GIG. of RAM
Ethernet interfaces are:
e1000: eth0: e1000_probe: Intel(R) PRO/1000 Network Connection
e1000: eth1: e1000_probe: Intel(R) PRO/1000 Network Connection (this is sniffing interface)
Running at 100Mb FD.
eth0: negotiated 100baseTx-FD flow-control, link ok
eth1: negotiated 100baseTx-FD flow-control, link ok

As mentioned previously, data is collected simply using argusd daemon, and rotated hourly by argusarchive. No radium, or rasplit is used at all.

Thanks in advance.

Real.


>Hey Réal,
>Peter is right, we do have a little instability with the release candidates, and I've been extremely busy on real work, so, ...., my fault at not getting the fixes out quickly!!
>
>The zero length record is a persistent problem, and I still do not have enough data to fix it properly.  If you can share platform, strategy (radium?) and 64-bit vs 32-bit info and of course a sample data file that causes the error, that would go a long way to fixing the problem.
>
>The reason you get no output, is a result of the pipes, where a failure along the set of pipes, causes the down stream processes to terminate early.
>
>I think rather than filter the errors, I need to fix the problem.  If at all possible, if you can share a file that dies with the error, that would help!!!
>
>Carter
>
>Carter Bullard

____________________________
Réal Melançon



More information about the argus mailing list