Trans field and rahisto
Nick Diel
nick at engineerity.com
Thu Jul 23 11:16:35 EDT 2009
Carter,
There seems to be a bug in the Makefile for the latest version (beta 10)
of the argus-clients. Doing a make gives the following error:
make[1]: *** No rule to make target `../lib/argus_common.a', needed by
`../bin/ra'. Stop.
This happens for most of the other clients too. For e.g.:
make[1]: *** No rule to make target `../lib/argus_common.a', needed by
`radium'. Stop.
make[1]: *** No rule to make target `../lib/argus_common.a', needed by
`../bin/radump'. Stop.
My configure command was:
./configure
This worked for the beta 8 version of the argus clients.
Thanks,Nick
On Tue, Jul 21, 2009 at 9:19 PM, Carter Bullard <carter at qosient.com> wrote:
> Hey Nick,
> I just uploaded argus-clients-3.0.2.beta.10.tar.gz with a fix for the
> 'trans'
> bug. Several things wrong, as the AGR DSR, which is where we store
> the trans statistics, was used by rahisto() to hold its stats, so the fix
> was
> slightly obsure, but it should be working now. Please give it a try.
>
> ftp://qosient.com/dev/argus-3.0/argus-clients-3.0.2.beta.10.tar.gz
>
> Thanks!!!
>
> Carter
>
> On Jul 17, 2009, at 2:13 PM, Nick Diel wrote:
>
> HI,
>>
>> I have a couple of questions and issues with the trans field.
>>
>> First exactly when does Argus set the trans count to 1? I noticed some
>> simple 1 packet volleys have a trans count of 0, while other 1 packet
>> volleys have a trans count of 1. Of course all the other flows have a trans
>> count of 1, just curious what differentiates the single packet flows.
>>
>> Second, it seems racluster isn't adding up the trans field correctly, here
>> is an example
>>
>> ra -r file.argus -s saddr trans
>> 27.8.77.166 1
>> 27.8.77.166 1
>> 18.9.27.219 1
>> 18.9.27.219 1
>> 18.86.96.147 1
>> 18.86.96.147 1
>> 19.32.203.136 1
>> 19.32.203.136 1
>>
>> racluster -r file.argus -m saddr -s saddr trans
>> 19.32.203.136 4
>> 18.86.96.147 3
>> 18.9.27.219 4
>> 27.8.77.166 3
>>
>> Also I have been feeding this same data to rahisto and have been seeing
>> some very strange data.
>>
>> If I feed the non racluster file (from above) into rahisto I get:
>>
>> rahisto -H trans 5:1 -r file.argus
>> N = 9 mean = 1.000000 stddev = 0.000000 max = 1 min = 1
>> median = 1 95% = 1
>> Class Interval Freq Rel.Freq Cum.Freq
>> 1 0.000000e+00-1.000000e+00 0 0.0000% 0.0000%
>> 2 1.000000e+00-2.000000e+00 20 222.2222% 222.2222%
>> 3 2.000000e+00-3.000000e+00 0 0.0000% 222.2222%
>> 4 3.000000e+00-4.000000e+00 0 0.0000% 222.2222%
>> 5 4.000000e+00-5.000000e+00 0 0.0000% 222.2222%
>>
>> N is off by 1, should be 8. Rel. Freq should be 8 not 20, and of course
>> the percentages are off.
>>
>> Next I fed the cluster data into rahisto
>>
>> racluster -r file.argus -m saddr -w - | rahisto -r - -H trans 5:1
>> N = 8 mean = 3.807943 stddev = 4.015635 max = 12 min = 0
>> median = 3.500000 95% = 4
>> mode = 3
>> Class Interval Freq Rel.Freq Cum.Freq
>> 1 0.000000e+00-1.000000e+00 0 0.0000% 0.0000%
>> 2 1.000000e+00-2.000000e+00 0 0.0000% 0.0000%
>> 3 2.000000e+00-3.000000e+00 0 0.0000% 0.0000%
>> 4 3.000000e+00-4.000000e+00 5 62.5000% 62.5000%
>> 5 4.000000e+00-5.000000e+00 -1798865444 31201273600.0000%
>> 31201273600.0000%
>>
>> N should be 4, mean should 3.5, max should be 4, rel. freq should be 4 not
>> 5, and of course the percentages are off here too.
>>
>>
>> Nick
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20090723/44b3b609/attachment.html>
More information about the argus
mailing list