rabins trouble clients.67

[Carter Bullard]

Hey Mike,
You should use rasplit() with the same parameters.

rasplit -r * -M time 1m -w "/tmp/min/argus.%Y.%m.%d.%H.%M.%S"
  
I added the year month day in case the files span a day.

Carter

Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax

-----Original Message-----
From: Michael Hornung <hornung at washington.edu>

Date: Thu, 10 Jan 2008 11:33:46 
To:argus-info at lists.andrew.cmu.edu
Subject: [ARGUS] rabins trouble clients.67


On x86 I'm trying to split a set of argus records on 1 minute boundaries so I 
can count the aggregate number of flows per given minute.  I assume the way to 
do this is with rabins and then running each rabins output file through 
racount.

When I run rabins on my data I don't get the expected series of output files. 
I've got 108 argus files each containing a 5 minute chunk of argus data.  I 
expect that:

 	rabins -r * -M time 1m -w /tmp/min/x

will read each of those argus files and split the data into a whole lot of 
files, each representing 1 minute of activity.  When the above command finishes 
I look in /tmp/min/ and all I see is:

 	-rw-rw-r-- 1 argus argus 31071784 Jan 10 10:08 x

I also tried using the time-format output file notation to no avail:

 	rabins -r * -M time 1m -w "/tmp/min/argus.%H.%M.%S"

Which gave me the single output file:

 	argus.%H.%M.%S

What am I doing wrong, and is there an easier way to get what I want?

-Mike