argus metric: srng and erng

Carter Bullard carter at qosient.com
Thu Oct 11 10:58:51 EDT 2007 

Hey CS Lee,
These are the Start and End Range keywords, so the goof up
is that the print keywords are suppose to be "srng" and "erng".
The column labels are corrent, SRange and ERange.

These fields are referring to the Time Filter Range, which are
the start and stop times of the filter.  Probably not the most frequent
print field in the ra* suite, but I wanted to print everything, and
this is a part of everything.  Currently, they are not implemented,
so they'll print spaces.  I'll have them implemented in argus
clients, probably next week.

Remember, the time filtering command is not trivial, we have
span time, exclusive time and inclusive time, so sometimes its
not clear as to why this record matches the filter, or day light
savings time gets in there, or something, so seemed like a
good thing to print.

Carter



On Oct 11, 2007, at 3:32 AM, CS Lee wrote:

> Hi all,
>
> I'm checking on argus metric now, and figure there are srng and  
> erng in ra.print.all.conf, when i search in argus server directory -
>
> find ../argus-3.0.0 -type f | xargs egrep -i 'srng|erng'
> ../argus-3.0.0/include/argus_client.h:   "srng",
> ../argus-3.0.0/include/argus_client.h:   "erng",
>
> But when i search in argus client directory -
>
> find ../argus-clients-3.0.0.rc.58 -type f | xargs egrep -i 'erng'
> ../argus-clients-3.0.0.rc.58/support/Config/ 
> ra.print.all.conf:RA_FIELD_SPECIFIER= srcid stime ltime trans flgs  
> dur avgdur stddev mindur maxdur saddr daddr proto sport dport stos  
> dtos sdsb ddsb sttl dttl sipid dipid pkts spkts dpkts bytes sbytes  
> dbytes appbytes sappbytes dappbytes sload dload load sloss dloss  
> loss sploss dploss ploss srate drate rate smac dmac dir sintpkt  
> dintpkt sintpktact dintpktact sintpktidl dintpktidl sintpktmax  
> sintpktmin dintpktmax dintpktmin sintpktactmax sintpktactmin  
> dintpktactmax dintpktactmin sintpktidlmax sintpktidlmin  
> dintpktidlmax dintpktidlmin jit sjit djit jitact sjitact djitact  
> jitidl sjitidl djitidl state ddur dstime dltime dspkts ddpkts  
> dsbytes ddbytes pdspkts pddpkts pdsbytes pddbytes suser duser  
> tcpext swin dwin jdelay ldelay seq bins binnum smpls dmpls svlan  
> dvlan svid dvid svpri dvpri srng erng stcpb dtcpb tcprtt inode
>
> When I try -
> ra -L0 -nr tcpshake.arg -s srng erng
> SRange
>
> ra -L0 -nr tcpshake.arg -s srng drng
> SRange ERange
>
> After checking on the client source, i think it should be drng but  
> why is it ERange, it should be DRange
>
> ../argus-clients-3.0.0.rc.58/include/argus_util.h:   { "drng", "",  
> 6 , 1, ArgusPrintDstRange, ArgusPrintDstRangeLabel},
>
> However I don't take a closer look of how I can make use of Source  
> range and Destination range, maybe hint from Carter?
>
> Thanks ;]
>
> -- 
> Best Regards,
>
> CS Lee<geekooL[at]gmail.com>
>
> http://geek00l.blogspot.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20071011/ed73f052/attachment.html>

More information about the argus mailing list