Counting flows by time interval in argus

[Stéphane Peters]

Hello,

Here is an example of counting flows I have just used,
to compare print flows seen by argus (filtered on port 9100)
with print requests seen by our batch server (found in a csv file).
Both lists have been feed in a spreadsheet to make a nice graphic 
comparison.

If someone sees a better way to do this within ra* clients without the 
unixes filters,
I will be happy to see how to do it.

Example saved on the wiki:
> Count flows by groups of 10 minutes : show only the flow start times, 
> cut after the 10ths of minutes, add a trailing zero and delete heading 
> spaces to show a nice HH:MM line, count them, invert columns, insert a 
> delimitor.  Ready to be feed in your favorite spreadsheet.
>   ra -s stime -p 0 -nr $file |\
>     cut -c -7 |\
>     uniq -c | \
>     sed -e 's/$/0/' \
>         -e 's/^ *//' \
>         -e 's/\(.*\) *\(.*\)/\2,\1/' > flowcounts.csv

Regards,

-- 
Stephane.Peters at forem.be, Postmaster at forem.be