Racluster discarding packet loss data
Carter Bullard
carter at qosient.com
Sun Dec 13 17:42:06 EST 2009
Hey Bart.
The flow key that you are using ( -m option) results in you throwing
away
the protocol specific information, which is where the loss statistics
are
kept (tcp retrans, tcp loss, etc....).
Add the "proto" to the flow key mask and you should get your loss back.
racluster -r argus.log -m saddr proto -s loss - tcp and src host
10.10.0.12
If this doesn't do it, send email soon!!!!
Carter
On Dec 13, 2009, at 8:04 AM, Bart Roos wrote:
> Hello everyone,
>
> I am trying to collect packet loss data for a particular host in a LAN
> segment using the following racluster command:
>
> $ racluster -r argus.log -m saddr -s loss - tcp and src host
> 10.10.0.12
> 0
>
> The racluster output does not report any packet loss, but counting the
> packet loss from individual argus records does show some loss:
>
> $ ra -r argus.log -s loss - tcp and src host 10.10.0.12 | \
> awk '{c+=$1;} END {print c;}'
> 217
>
> Why is racluster discarding the packet loss data? Is this a bug, or
> am I
> doing something wrong? I'm running the 3.0.2 server and clients.
>
> Thanks,
> Bart
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20091213/8bc61a1a/attachment.bin>
More information about the argus
mailing list