Trans field and rahisto

Nick Diel nick at engineerity.com
Thu Jul 23 12:22:15 EDT 2009


Carter,
This is the error message I see:
<stdout>:1230: error: conflicting types for 'argus_get_leng'
scanner.l:83: error: previous declaration of 'argus_get_leng' was here
<stdout>:3046: error: conflicting types for 'argus_get_leng'
scanner.l:83: error: previous declaration of 'argus_get_leng' was here


Nick

On Thu, Jul 23, 2009 at 10:05 AM, Carter Bullard <carter at qosient.com> wrote:

> Hey Nick,
> That is an error that comes up when there was a problem creating the
> specific library, in the ./common directory.
>
> cd to ./common, and type 'make', and see what the error is there.
>
> Carter
>
> On Jul 23, 2009, at 11:16 AM, Nick Diel wrote:
>
> Carter,
>
> There seems to be a bug in the Makefile for the latest version (beta 10)
> of the argus-clients. Doing a make gives the following error:
>
> make[1]: *** No rule to make target `../lib/argus_common.a', needed by
> `../bin/ra'.  Stop.
>
> This happens for most of the other clients too. For e.g.:
> make[1]: *** No rule to make target `../lib/argus_common.a', needed by
> `radium'.  Stop.
>
> make[1]: *** No rule to make target `../lib/argus_common.a', needed by
> `../bin/radump'.  Stop.
>
> My configure command was:
> ./configure
>
> This worked for the beta 8 version of the argus clients.
>
> Thanks,
> Nick
>
>
> On Tue, Jul 21, 2009 at 9:19 PM, Carter Bullard <carter at qosient.com> wrote:
>
>> Hey Nick,
>> I just uploaded argus-clients-3.0.2.beta.10.tar.gz with a fix for the 'trans'
>> bug.  Several things wrong, as the AGR DSR, which is where we store
>> the trans statistics, was used by rahisto() to hold its stats, so the fix was
>> slightly obscure, but it should be working now.  Please give it a try.
>>
>> ftp://qosient.com/dev/argus-3.0/argus-clients-3.0.2.beta.10.tar.gz
>>
>> Thanks!!!
>>
>> Carter
>>
>> On Jul 17, 2009, at 2:13 PM, Nick Diel wrote:
>>
>>> Hi,
>>>
>>> I have a couple of questions and issues with the trans field.
>>>
>>> First exactly when does Argus set the trans count to 1?  I noticed some
>>> simple 1 packet volleys have a trans count of 0, while other 1 packet
>>> volleys have a trans count of 1.  Of course all the other flows have a trans
>>> count of 1, just curious what differentiates the single packet flows.
>>>
>>> Second, it seems racluster isn't adding up the trans field correctly,
>>> here is an example
>>>
>>> ra -r file.argus -s saddr trans
>>>      27.8.77.166      1
>>>      27.8.77.166      1
>>>      18.9.27.219      1
>>>      18.9.27.219      1
>>>     18.86.96.147      1
>>>     18.86.96.147      1
>>>    19.32.203.136      1
>>>    19.32.203.136      1
>>>
>>> racluster -r file.argus -m saddr -s saddr trans
>>>    19.32.203.136      4
>>>     18.86.96.147      3
>>>      18.9.27.219      4
>>>      27.8.77.166      3
>>>
>>> Also I have been feeding this same data to rahisto and have been seeing
>>> some very strange data.
>>>
>>> If I feed the non racluster file (from above) into rahisto I get:
>>>
>>> rahisto -H trans 5:1 -r file.argus
>>> N = 9       mean = 1.000000  stddev = 0.000000  max = 1  min = 1
>>>           median =        1     95% = 1
>>>  Class           Interval                Freq    Rel.Freq     Cum.Freq
>>>     1   0.000000e+00-1.000000e+00          0     0.0000%      0.0000%
>>>     2   1.000000e+00-2.000000e+00         20   222.2222%    222.2222%
>>>     3   2.000000e+00-3.000000e+00          0     0.0000%    222.2222%
>>>     4   3.000000e+00-4.000000e+00          0     0.0000%    222.2222%
>>>     5   4.000000e+00-5.000000e+00          0     0.0000%    222.2222%
>>>
>>> N is off by 1, should be 8.  Rel. Freq should be 8 not 20, and of course
>>> the percentages are off.
>>>
>>> Next I fed the cluster data into rahisto
>>>
>>> racluster -r file.argus -m saddr -w - | rahisto -r - -H trans 5:1
>>>  N = 8       mean = 3.807943  stddev = 4.015635  max = 12  min = 0
>>>           median = 3.500000     95% = 4
>>>             mode =        3
>>>  Class           Interval                Freq    Rel.Freq     Cum.Freq
>>>     1   0.000000e+00-1.000000e+00          0     0.0000%      0.0000%
>>>     2   1.000000e+00-2.000000e+00          0     0.0000%      0.0000%
>>>     3   2.000000e+00-3.000000e+00          0     0.0000%      0.0000%
>>>     4   3.000000e+00-4.000000e+00          5    62.5000%     62.5000%
>>>     5   4.000000e+00-5.000000e+00 -1798865444   31201273600.0000%  31201273600.0000%
>>>
>>> N should be 4, mean should be 3.5, max should be 4, rel. freq should be 4
>>> not 5, and of course the percentages are off here too.
>>>
>>>
>>> Nick
>>>
>>
>>
>
>
>
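
The rahisto output quoted in this thread breaks basic histogram invariants (a negative Freq, percentages above 100%, bin counts that add up to more than N). The script below is an added example, not code from the thread or from the argus project, that checks a rahisto-style table for those three conditions. The invariants and the function name check_histogram are assumptions of this example; the sample text is the first rahisto run from the thread with the quote prefix removed.

```python
import re

# First rahisto run quoted in the thread above ('>>>' prefix removed).
SAMPLE = """\
N = 9       mean = 1.000000  stddev = 0.000000  max = 1  min = 1
          median =        1     95% = 1
 Class           Interval                Freq    Rel.Freq     Cum.Freq
    1   0.000000e+00-1.000000e+00          0     0.0000%      0.0000%
    2   1.000000e+00-2.000000e+00         20   222.2222%    222.2222%
    3   2.000000e+00-3.000000e+00          0     0.0000%    222.2222%
    4   3.000000e+00-4.000000e+00          0     0.0000%    222.2222%
    5   4.000000e+00-5.000000e+00          0     0.0000%    222.2222%
"""

NUM = r"[0-9.]+e[+-]\d+"   # interval bounds are printed in %e notation
ROW = re.compile(
    rf"^\s*(\d+)\s+({NUM})-({NUM})\s+(-?\d+)\s+(-?[\d.]+)%\s+(-?[\d.]+)%\s*$")
HEAD = re.compile(r"\bN\s*=\s*(\d+)")


def check_histogram(text):
    """Return a list of invariant violations found in rahisto-style output."""
    problems, n, total = [], None, 0
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            cls, freq = int(m.group(1)), int(m.group(4))
            rel, cum = float(m.group(5)), float(m.group(6))
            total += freq
            if freq < 0:
                problems.append(f"class {cls}: negative frequency {freq}")
            if rel > 100.0 or cum > 100.0:
                problems.append(f"class {cls}: percentage above 100%")
            continue
        h = HEAD.search(line)
        if h and n is None:
            n = int(h.group(1))      # sample count from the summary line
    if n is None:
        problems.append("no N header found")
    elif total > n:                  # values outside the bins may make total < N
        problems.append(f"sum of Freq ({total}) exceeds N ({n})")
    return problems


if __name__ == "__main__":
    for p in check_histogram(SAMPLE):
        print(p)
```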