rabins trouble clients.67
Michael Hornung
hornung at washington.edu
Thu Jan 10 16:31:13 EST 2008
Aha, thanks Carter!
-Mike
On Thu, 10 Jan 2008 at 21:25, Carter Bullard wrote:
|Hey Mike,
|You should use rasplit() with the same parameters.
|
|rasplit -r * -M time 1m -w "/tmp/min/argus.%Y.%m.%d.%H.%M.%S"
|
|I added the year month day in case the files span a day.
|
|Carter
|
|Carter Bullard
|QoSient LLC
|150 E. 57th Street Suite 12D
|New York, New York 10022
|+1 212 588-9133 Phone
|+1 212 588-9134 Fax
|
|-----Original Message-----
|From: Michael Hornung <hornung at washington.edu>
|
|Date: Thu, 10 Jan 2008 11:33:46
|To:argus-info at lists.andrew.cmu.edu
|Subject: [ARGUS] rabins trouble clients.67
|
|
|On x86 I'm trying to split a set of argus records on 1 minute boundaries so I
|can count the aggregate number of flows per given minute. I assume the way to
|do this is with rabins and then running each rabins output file through
|racount.
|
|When I run rabins on my data I don't get the expected series of output files.
|I've got 108 argus files each containing a 5 minute chunk of argus data. I
|expect that:
|
| rabins -r * -M time 1m -w /tmp/min/x
|
|will read each of those argus files and split the data into a whole lot of
|files, each representing 1 minute of activity. When the above command finishes
|I look in /tmp/min/ and all I see is:
|
| -rw-rw-r-- 1 argus argus 31071784 Jan 10 10:08 x
|
|I also tried using the time-format output file notation to no avail:
|
| rabins -r * -M time 1m -w "/tmp/min/argus.%H.%M.%S"
|
|Which gave me the single output file:
|
| argus.%H.%M.%S
|
|What am I doing wrong, and is there an easier way to get what I want?
|
|-Mike
|
|
More information about the argus
mailing list