possible radium issue

[Phillip Deneault]

I'm running the beta.8 code.  I have a single radium instance collecting 
data from dozens of locations and 3 rasplit processes connecting to that 
radium process, one for 10 minute slices, 1 for hourlies, and 1 for 
dailies.

It *seems* as if the data I'm recording is lower than what I should 
have.  I say this because I get drastically different counts when I 
check locally recorded data vs. radium recorded data.

Please yell at me if I am doing this wrong, I performed the racluster in 
an attempt to normalize the flow counts a little.

Locally recorded data tallies like this.(logs rotated daily, so I picked 
a convenient hour).

# racluster -t 14 -M norep -r /var/log/argus/argus.out -w - | racount -r -
racount   records     total_pkts     src_pkts       dst_pkts 
total_bytes        src_bytes          dst_bytes
     sum   52385       134978         134813         165 
9982211            9970637            11574

However, when I run a tally on the hourlies and the slices collected by 
radium, I get two different flow counts, neither of which come anywhere 
close.

(SLICES)
# racluster -M norep -r argus-07.08.2009-14.50.00.out 
argus-07.08.2009-14.40.00.out argus-07.08.2009-14.30.00.out 
argus-07.08.2009-14.20.00.out argus-07.08.2009-14.10.00.out 
argus-07.08.2009-14.00.00.out -w - | racount -r -
racount   records     total_pkts     src_pkts       dst_pkts 
total_bytes        src_bytes          dst_bytes
     sum   631         1920           1397           523 
507980             210286             297694

(HOURLIES)
# racluster -M norep -r argus-07.08.2009-14.00.00.out -w - | racount -r -
racount   records     total_pkts     src_pkts       dst_pkts 
total_bytes        src_bytes          dst_bytes
     sum   252         447            348            99 
95012              57022              37990

Is this a bug, or me doing something wrong?

Thanks,
Phil