Time filters
Carter Bullard
carter at qosient.com
Fri Aug 20 10:49:03 EDT 2010
Hey Rafael,
No problem. Glad things are better.
I am putting up a new version of argus-clients-3.0.3 in the next few days that has more
done on the time support for rabins() and ragraph(). You should grab it when I announce
it on this list, as it may help in other things that you may have run into.
Hope all is most excellent!!
Carter
On Aug 20, 2010, at 10:19 AM, Rafael Barbosa wrote:
> Yes I see my error with the -D option. I had also incorrectly changed ragraph() to use a older version of rabins(), thus the problems... It seems that ragraph()/rabins() are working properly with time filters.
>
> Sorry for the incorrect report.
>
> Rafael
>
> On Fri, Aug 20, 2010 at 3:35 PM, <carter at qosient.com> wrote:
> Hey Rafael,
> With ragraph(), the first argument must be the metric you want to graph. With the -D3 that you are using, ragraph() is confused, and it thinks all your parameters are filter.
>
> Now this may not be your problem, but you move the -D option to the right in you commandline options, things will get better.
>
> Ragraph() is a front end to rabins(). You may find it easier to pinpoint problems with ragraph() by running rabins() with the same parameters.
>
>
> Carter
> Sent from my Verizon Wireless BlackBerry
>
> From: Rafael Barbosa <rrbarbosa at gmail.com>
> Date: Fri, 20 Aug 2010 15:13:24 +0200
> To: Carter Bullard<carter at qosient.com>
> Cc: Argus<argus-info at lists.andrew.cmu.edu>
> Subject: Re: [ARGUS] Time filters
>
> Hi,
>
> I finally got some time for some tests. Unfortunately I see the same behavior, I can use time filters with 'ra' but not with 'ragraph':
>
> $ ra -t 2009/01/22 -r file.argus -u
> 1232587373.545959 e tcp XXX <?> YYY 271 65774 CON
> ...
>
> $ date -r 1232587373
> Thu Jan 22 02:22:53 CET 2009
>
> $ ragraph -D5 pkts -M 5min -t 2009/01/22 -r file.argus -title "Total Load" -w pkts-peak.png
> rabins[13409.209c0370ff7f0000]: 15:06:34.878731 ArgusFilterCompile () waiting for filter process 13410 on pipe 3
> rabins[13410.209c0370ff7f0000]: 15:06:34.879060 ArgusFilterCompile () calling argus_lex_init(pkts -M 5min -t 2009/01/22 -r flows/plant-net.argus)
> rabins[13410.209c0370ff7f0000]: 15:06:34.879208 ArgusFilterCompile () calling argus_parse()
> rabins[13409.209c0370ff7f0000]: 15:06:35.078976 ArgusFilterCompile () filter process 13410 terminated
> rabins[13409.209c0370ff7f0000]: 15:06:35.079026 ArgusFilterCompile () child 13410 exited 1
> rabins[13409.209c0370ff7f0000]: 15:06:35.279216 ArgusFilterCompile () done -1
> rabins[13409]: 15:06:35.279266 pkts -M 5min -t 2009/01/22 -r file.argus filter syntax error
> rabins[13409.209c0370ff7f0000]: 15:06:35.280209 ArgusShutDown (-1)
> rabins[13409.209c0370ff7f0000]: 15:06:35.280274 ArgusDeleteQueue (0x500200) returning
> rabins[13409.209c0370ff7f0000]: 15:06:35.280295 ArgusDeleteQueue (0x500260) returning
> rabins[13409.209c0370ff7f0000]: 15:06:35.280463 RaParseComplete(caught signal -1)
> usage: /Users/barbosarr/workspace/argus-clients-3.0.3.17/bin/ragraph metric (srcid | proto [daddr] | dport) [-title "title"] [ra-options]
> /Users/barbosarr/workspace/argus-clients-3.0.3.17/bin/ragraph: unable to create `/var/tmp/tmp.0.OVxUe3.rrd': start time: unparsable time:
>
> Both ra and ragraph are the newest version:
> $ which ra ragraph
> /Users/barbosarr/workspace/argus-clients-3.0.3.17/bin//ra
> /Users/barbosarr/workspace/argus-clients-3.0.3.17/bin//ragraph
>
> Let me know if I can assist you somehow with further tests.
>
> Rafael
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20100820/fc26d6ff/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20100820/fc26d6ff/attachment.bin>
More information about the argus
mailing list