simple question
Carter Bullard
carter at qosient.com
Thu Apr 30 23:25:47 EDT 2009
Hey Rodney,
If you want to compare argus data with interface data, you need to
make sure that the concept of "interface" is preserved in the argus
aggregation, so we need to get the "smac" into the aggregation.
I would suggest that you do this instead:
rabins -M rmon -r 27.gz -M hard time 1h -m srcid smac -w - | \
ra -s stime srcid smac sbytes:20 dbytes:20 bytes:20 sload:20
dload:20 load:20 - ether src host 00:15:60:0C:B5:6A
The main difference, is that we have added "smac" to the aggregation.
We need the second ra(), so we can select the record where the mac
address is the source, which is the single record where the metrics
represent the input and output values for the interface.
Carter
On Apr 30, 2009, at 11:11 PM, Rodney McKee wrote:
> Hello again,
>
> Trying to calculate the in/out traffic loads, I'm comparing the
> figures against what I'm seeing from interface metrics that we
> collect but I feel like I'm missing something.
>
> What I'm doing is:
> ra -M rmon -r 27.gz -s +load +sload +dload +smac +dmac -w - | rabins
> -r - -M hard time 1h -m srcid -s stime sbytes:20 dbytes:20 bytes:20
> sload:20 dload:20 load:20 - ether src host 00:15:60:0C:B5:6A
>
> So I'm figuring that SrcLoad is Outbound traffic. The figures I see
> from the interface metrics are closer though to the Load figures
> given from above.
>
> argus output
> StartTime SrcBytes
> DstBytes TotBytes SrcLoad
> DstLoad Load
> 27/04/2009-04:00:00.000000 544139830
> 83161971 627301801 1209197.250000
> 184803.750000 1394002.250000
> 27/04/2009-05:00:00.000000 1979298092
> 146014107 2125312199 4398437.500000
> 324475.156250 4722913.500000
> 27/04/2009-06:00:00.000000 2412275071
> 480879101 2893154172 5360608.500000
> 1068619.125000 6429229.500000
> 27/04/2009-07:00:00.000000 6970566762
> 966247468 7936814230 15490145.000000
> 2147215.750000 17637362.000000
> 27/04/2009-08:00:00.000000 17933268517
> 2423718411 20356986928 39851704.000000
> 5386040.000000 45237748.000000
> 27/04/2009-09:00:00.000000 23271491312
> 3829316888 27100808200 51714424.000000
> 8509592.000000 60224016.000000
> 27/04/2009-10:00:00.000000 26257970562
> 4233687703 30491658265 58351044.000000
> 9408194.000000 67759240.000000
> 27/04/2009-11:00:00.000000 23591095772
> 4389753056 27980848828 52424656.000000
> 9755006.000000 62179660.000000
> 27/04/2009-12:00:00.000000 16555652766
> 3240043773 19795696539 36790336.000000
> 7200096.000000 43990436.000000
> 27/04/2009-13:00:00.000000 19559899519
> 4991517679 24551417198 43466440.000000
> 11092260.000000 54558704.000000
> 27/04/2009-14:00:00.000000 23574890868
> 5109169305 28684060173 52388644.000000
> 11353708.000000 63742352.000000
> 27/04/2009-15:00:00.000000 21761664067
> 5834251251 27595915318 48359252.000000
> 12965001.000000 61324256.000000
> 27/04/2009-16:00:00.000000 24161715148
> 5922949812 30084664960 53692696.000000
> 13162109.000000 66854808.000000
> 27/04/2009-17:00:00.000000 23003436222
> 4492372342 27495808564 51118744.000000
> 9983048.000000 61101796.000000
> 27/04/2009-18:00:00.000000 11435713134
> 2486263593 13921976727 25412694.000000
> 5525029.000000 30937724.000000
> 27/04/2009-19:00:00.000000 6142658199
> 1634763128 7777421327 13650349.000000
> 3632805.500000 17283156.000000
> 27/04/2009-20:00:00.000000 2377635585
> 922213731 3299849316 5283632.000000
> 2049362.375000 7332996.500000
> 27/04/2009-21:00:00.000000 3329400706
> 674401100 4003801806 7398665.500000
> 1498668.000000 8897335.000000
> 27/04/2009-22:00:00.000000 1568776400
> 720788697 2289565097 3486167.500000
> 1601751.250000 5087920.500000
>
> interface metrics
> BytesIn BytesOut
> Mon Apr 27 05:00:00 23390.387 152500.974
> Mon Apr 27 06:00:00 41009.981 559265.829
> Mon Apr 27 07:00:00 135087.280 674614.462
> Mon Apr 27 08:00:00 271467.261 1964860.180
> Mon Apr 27 09:00:00 686449.192 5002815.168
> Mon Apr 27 10:00:00 1077715.488 6472908.352
> Mon Apr 27 11:00:00 1186174.633 7323689.670
> Mon Apr 27 12:00:00 1232380.087 6576175.580
> Mon Apr 27 13:00:00 903910.123 4618560.018
> Mon Apr 27 14:00:00 1403423.108 5483045.482
> Mon Apr 27 15:00:00 1428080.515 6568581.137
> Mon Apr 27 16:00:00 1640070.165 6043557.655
> Mon Apr 27 17:00:00 1656852.362 6755519.181
> Mon Apr 27 18:00:00 1257393.787 6388033.646
> Mon Apr 27 19:00:00 685312.993 3148833.982
> Mon Apr 27 20:00:00 457994.878 1707114.485
> Mon Apr 27 21:00:00 255553.813 668281.440
> Mon Apr 27 22:00:00 192650.760 929612.043
> Mon Apr 27 23:00:00 197845.619 436765.695
>
>
> Rgds
> Rodney
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20090430/109060e4/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20090430/109060e4/attachment.bin>
More information about the argus
mailing list