rabins zero option
Carter Bullard
carter at qosient.com
Thu May 7 11:01:35 EDT 2009
Hey David,
Yes, I can verify the bug here with some of my data.
Sorry for the inconvenience, I'll try to fix it today.
Carter
On May 5, 2009, at 10:41 AM, David wrote:
> Perhaps I'm not interpreting the zero option correctly but it does
> not appear to work correctly for me in the following case. All data
> is sorted by stime already and I am trying to get hourly/daily byte
> counts as suggested in a previous thread.
>
> I run:
>
> $ rabins -M zero time 1h -R ./data/ - port 22
>
> I have tried passing a specific timerange with -t but I do not get
> zero records. Running in debug mode does not show any of the
> messages which would suggest a zero record had been created. I have
> also tried both hard and soft options. I'm definitely not trying to
> filter on src/dst, which I assume might cause problems if used as
> above.
>
> I'm using the 3.0.2-beta6 clients, should it be possible to get zero
> records as above? That would greatly help with graphing, as the
> "time" axis would be constant (zeros instead of missing records) no
> matter what port filter I use.
>
> If only Excel wasn't so poor at handling mixed date/time columns
> (OpenOffice manages fine, fortunately).
>
> Thanks again.
>
> David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20090507/26babf8c/attachment.bin>
More information about the argus
mailing list