raxml help

Carter Bullard carter at qosient.com
Wed Jan 23 21:56:38 EST 2008


Hey tbh,
No "-s all" specification, but in the ./common/Config directory there is
a rarc style file that has all the fields in it, which gets the job done.
Give that a parameter to the ra() call in the end.

The excel.rc file does the csv, but it also formats any time fields to
excel formats.  If you don't need that, since you aren't printing any
time fields, you can just pass a "-c ," parameter to your ra() command,
without the "-f excel.rc" parameter.

Your TopN command gives you the TopN flows.  You may want to
play with TopN hosts, TopN ports, TopN nets by making some
changes to the racluster() call.
   TopN hosts - "racluster -M rmon -m saddr -r file -w - -- ip"
   TopN ports - "racluster -M rmon -m sport -r file -w - -- ip"
   TopN nets  - "racluster -M rmon -m saddr/16 -r file -w - -- ip"

You would pipe those through the rasort() and then use ra() to print
out the object.

   TopN hosts - "ra -s saddr bytes:20"
   TopN ports - "ra -s sport bytes:20"
   TopN nets  - "ra -s snet/16 bytes:20"

Carter

tbh wrote:
> Thanks for the quick reply! Doh! Not sure why I missed the -M xml
> option! I'll play with that a bit and see how it works.
>
> As for the best way to present the data, I'm certainly open to
> suggestions. Perhaps a simpler solution is to output the data to csv
> and import it into Excel/Access. Currently, (and I'll reiterate my
> newbie status) I'm using rasplit to break my output file into multiple
> files based on 1 hour increments (it seems to improve the performance
> when I pull data instead of using the -t time option). To pull
> toptalkers, I use:
>
> racluster -r /usr/local/argus/argus-eth0<time value> -M norep -w - --
> ip | rasort -m bytes -w - | ra -nn  -N 25 -s bytes:20 daddr dport
> dbytes:20 trans:10 saddr sport sbytes:20
>
> The output gives me the top 25 talkers. If I were to include -F
> excel.rc in the ra command, that should output the data as a csv.
> Something like:
>
> racluster -r /usr/local/argus/argus-eth0<time value> -M norep -w - --
> ip | rasort -m bytes -w - | ra -F excel.rc -nn  -N 25 -s bytes:20
> daddr dport dbytes:20 trans:10 saddr sport sbytes:20 > top25.csv
>
> Out of curiosity (and sort of thinking out loud) is there a -s ALL
> option? Or would I need to add each field separately?
>
> Anyways, I should then be able to pull the top25.csv file into Excel
> and massage the data into charts/graphs. Or, is there a better
> (simpler) way?
>
> Thanks again!
> tbh
>
> On 1/23/08, Carter Bullard <carter at qosient.com> wrote:
>   
>> Hey Tbh,
>> The xml support is embedded in all the ra* programs now.
>> The "-M xml" option will generate xml output, but ......
>> the support is not yet complete.  raxml() would print out
>> the entire argus record content, the new scheme is designed
>> to use the "-s field ..." option to specify what data would
>> be printed.  Because of these changes,  the schema needs
>> to be updated.  If you are interested in the xml data output,
>> please give it a try and send comments on what is missing
>> or how we could do it better.
>>
>> I don't think xml will provide you any better support than
>> just a report or table output, like ratop() provides, if your
>> problem is communicating network concepts like top talkers,
>> service utilization, etc...   You will need to think about graphing,
>> and viz methods for showing some data types, but xml on its
>> own, will not do anything for you.
>>
>> Please keep this dialog up on the list if you're interested in
>> finding the best way to present certain types of data.  I
>> think the discussion will help me and the argus community
>> a great deal.
>>
>> For TopN talkers,  isn't a table with the talker id, in some
>> order of topness, and the metrics of interest a good start?
>>
>>
>> Carter
>>
>> tbh wrote:
>>     
>>> I'm relatively new to argus, having been using it for about a month
>>> now. I've got it up and running fine and am able to pull data with the
>>> ra clients just fine. However, I've seen references in the docs and
>>> list to raxml. Yet, I can't seem to find it in the latest (rc.67 or
>>> rc.66) versions of the ra clients. Has it been removed?
>>>
>>> What I'm ultimately looking for is a way to present various aspects of
>>> the flow data (ie top-talkers, service utilization, etc.) to
>>> management. I assume XML is the best path to start down.
>>>
>>> Thanks in advance!
>>>
>>> tbh
>>>
>>>
>>>       
>>     
>
>   

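An added example, not part of the original thread or of the argus clients: a Python script that ranks TopN hosts, ports or /16 nets from comma-separated flow records such as the "-c ," output discussed above. The header names, the sample rows and the choice to credit each flow's bytes to both of its ends (a stand-in for what "-M rmon" grouping is used for here) are assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample rows; the header names are assumed to match the
# "-s" field names used in the thread (saddr sport daddr dport bytes).
SAMPLE_CSV = """saddr,sport,daddr,dport,bytes
10.1.1.5,51514,192.0.2.10,443,9000
10.1.1.5,51520,192.0.2.10,443,4000
10.1.2.7,40000,192.0.2.10,443,2500
10.1.2.7,40022,198.51.100.3,22,700
10.2.9.9,53111,198.51.100.3,53,300
"""

def net16(addr):
    """Collapse an IPv4 address to its /16 network (the saddr/16 grouping)."""
    return str(ipaddress.ip_network(f"{addr}/16", strict=False))

# Each key function returns the (source side, destination side) object of a flow.
KEYS = {
    "host": lambda r: (r["saddr"], r["daddr"]),
    "port": lambda r: (r["sport"], r["dport"]),
    "net16": lambda r: (net16(r["saddr"]), net16(r["daddr"])),
}

def top_n(csv_text, key="host", n=25):
    """Rank hosts, ports or /16 nets by bytes, crediting a flow to both ends."""
    key_fn = KEYS[key]  # an unknown key raises KeyError here, not silently
    totals = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            nbytes = int(row["bytes"])
            ends = set(key_fn(row))  # same object on both ends counts once
        except (KeyError, TypeError, ValueError):
            continue  # skip truncated or malformed rows
        if None in ends:
            continue
        for obj in ends:
            totals[obj] += nbytes
    # Highest byte count first; ties broken by name for a stable report
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

if __name__ == "__main__":
    for key in KEYS:
        print(key, top_n(SAMPLE_CSV, key, 3))
```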


