Racluster discarding packet loss data
Carter Bullard
carter at qosient.com
Mon Dec 14 10:11:45 EST 2009
Hey Bart,
Looks like we've got a bug and I don't have a fix yet, but I do have a
potential work around for you.
If you run racluster() using default parameters before running
racluster()
with the flow key modificatons, you'll get loss back (at least for
this file).
racluster -w - -r argus.log* | racluster -s +loss -m proto saddr
There are 3 types of TCP DSR's, and it maybe that the bug is in dealing
with the loss stats when merging with a TCP matching flow that uses
a different TCP DSR (that doesn't have loss stats).
Try this work around, and I'll look for a fix later today,
Carter
On Dec 13, 2009, at 8:04 AM, Bart Roos wrote:
> Hello everyone,
>
> I am trying to collect packet loss data for a particular host in a LAN
> segment using the following racluster command:
>
> $ racluster -r argus.log -m saddr -s loss - tcp and src host
> 10.10.0.12
> 0
>
> The racluster output does not report any packet loss, but counting the
> packet loss from individual argus records does show some loss:
>
> $ ra -r argus.log -s loss - tcp and src host 10.10.0.12 | \
> awk '{c+=$1;} END {print c;}'
> 217
>
> Why is racluster discarding the packet loss data? Is this a bug, or
> am I
> doing something wrong? I'm running the 3.0.2 server and clients.
>
> Thanks,
> Bart
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20091214/e87b575b/attachment.bin>
More information about the argus
mailing list