rastrip mangles timestamps
Carter Bullard
carter at qosient.com
Sat Jun 16 09:50:47 EDT 2007
Hey Patrick,
So I have tested this on about 10 different platforms and can't
replicated your problem!!! Could you share your INFILE data file?
That sometimes is the only way I can find the bug to fix it!!!
I also need to know what versions of software you are running,
just in case we've somehow already fixed it?
Carter
On Jun 14, 2007, at 10:55 AM, Patrick Forsberg wrote:
> I tried running the same rastrip command two times and would expect
> the second run not to do anything with the data, but it seems that
> it does.
>
>
> # rastrip -M -suser -M -duser -r INFILE -w OUTFILE1
> # rastrip -M -suser -M -duser -r OUTFILE1 -w OUTFILE2
>
> # ls -la OUTFILE*
> -rw-r--r-- 1 root root 16932764 Jun 13 17:18 OUTFILE1
> -rw-r--r-- 1 root root 16925984 Jun 14 16:01 OUTFILE2
>
> Since OUTFILE1 shouldn't contain any suser or duser data I would
> expect OUTFILE2 to be identical to OUTFILE1 but as one can see from
> looking at the filesizes they do differ.
>
> Let's see what differs
>
> # ra -n -r OUTFILE1 > /tmp/OUT1
> # ra -n -r OUTFILE2 > /tmp/OUT2
>
> # diff /tmp/OUT{1,2}
> < 23:49:57.199212 e udp x.x.52.167.32832 <-
> > x.x.47.142.8397 15 10037 975
> 1381547 CON
> ---
>> 23:54:52.726221 e udp x.x.52.167.32832 <-
>> > x.x.47.142.8397 15 10037 975
>> 1381547 CON
> 1705c1705
> < 23:49:58.773816 e d tcp x.x.35.135.4587 -
> > x.x.220.18.80 0 4 0
> 5936 CON
> ---
>> 23:53:05.983477 e d tcp x.x.35.135.4587 -
>> > x.x.220.18.80 0 4 0
>> 5936 CON
> 3558c3558
> < 23:50:00.250504 e s tcp x.x.45.214.41606 <?
> > x.x.54.121.3774 67 47 87005
> 3007 CON
> ---
>> 23:54:27.755044 e s tcp x.x.45.214.41606 <?
>> > x.x.54.121.3774 67 47 87005
>> 3007 CON
> 4881,4882c4881,4882
> < 23:50:02.120422 e ipv6-i ffff::fff:fff:fe1* <-
> > ffff::fff:ffff:c9* 8 7 688
> 602 NDN
> < 23:50:02.120675 e ipv6-i ffff::fff:ffff:c9* <-
> > ffff::fff:fff:fe1* 8 7 624
> 546 NDR
> ---
>> 23:54:37.603535 e ipv6-i ffff::fff:fff:fe1* <->
>> ffff::fff:ffff:c9* 8 7 688
>> 602 NDN
>> 23:54:37.611815 e ipv6-i ffff::fff:ffff:c9* <->
>> ffff::fff:fff:fe1* 8 7 624
>> 546 NDR
> 8832c8832
> < 23:50:08.175887 e d tcp x.x.184.60.3776 <?
> > x.x.26.22.39109 13 14 1160
> 924 CON
> ---
>> 23:54:36.201478 e d tcp x.x.184.60.3776 <?
>> > x.x.26.22.39109 13 14 1160
>> 924 CON
> 12316c12316
> < 23:50:15.330358 e d tcp x.x.2.188.63567 -
> > x.x.222.184.80 0 2 0
> 124 ACC
> ---
>> 23:51:03.521191 e d tcp x.x.2.188.63567 -
>> > x.x.222.184.80 0 2 0
>> 124 ACC
> 13809c13809
> < 23:50:18.426488 e d tcp x.x.2.188.63570 -
> > x.x.222.184.80 0 2 0
> 124 ACC
> ---
>> 23:51:06.627556 e d tcp x.x.2.188.63570 -
>> > x.x.222.184.80 0 2 0
>> 124 ACC
>
> Now, why have the timestamp changed?
>
> Regards,
>
> Patrick Forsberg, Chalmers IRT
>
More information about the argus
mailing list