Racluster discarding packet loss data

Carter Bullard carter at qosient.com
Thu Jan 28 12:46:02 EST 2010 

Hey Bart,
Thanks for reminding me!!!   Yes I believe that it is fixed in the argus-clients-3.0.2
that is the official release.  Its on the server, you can grab it from:
   http://qosient.com/argus

 If you try it out, and its not working, holler.  I'll fix it in 
argus-clients-3.0.3.1, which I will upload early next week.

Carter

On Jan 28, 2010, at 11:51 AM, Bart Roos wrote:

> Hi Carter,
> 
> Did you already manage to fix this particular bug?
> 
> Thanks,
> Bart
> 
> -----Original Message-----
> From: argus-info-bounces+roos=fox-it.com at lists.andrew.cmu.edu [mailto:argus-info-bounces+roos=fox-it.com at lists.andrew.cmu.edu] On Behalf Of Carter Bullard
> Sent: maandag 14 december 2009 16:12
> To: Bart Roos
> Cc: argus-info at lists.andrew.cmu.edu
> Subject: Re: [ARGUS] Racluster discarding packet loss data
> 
> Hey Bart,
> Looks like we've got a bug and I don't have a fix yet, but I do have a
> potential work around for you.
> 
> If you run racluster() using default parameters before running  
> racluster()
> with the flow key modificatons, you'll get loss back (at least for  
> this file).
> 
>    racluster -w -  -r argus.log* | racluster -s +loss -m proto saddr
> 
> There are 3 types of TCP DSR's, and it maybe that the bug is in dealing
> with the loss stats when merging with a TCP matching flow that uses
> a different TCP DSR (that doesn't have loss stats).
> 
> Try this work around, and I'll look for a fix later today,
> 
> Carter
> 
> On Dec 13, 2009, at 8:04 AM, Bart Roos wrote:
> 
>> Hello everyone,
>> 
>> I am trying to collect packet loss data for a particular host in a LAN
>> segment using the following racluster command:
>> 
>> $ racluster -r argus.log -m saddr -s loss - tcp and src host  
>> 10.10.0.12
>>        0
>> 
>> The racluster output does not report any packet loss, but counting the
>> packet loss from individual argus records does show some loss:
>> 
>> $ ra -r argus.log -s loss - tcp and src host 10.10.0.12 | \
>> awk '{c+=$1;} END {print c;}'
>> 217
>> 
>> Why is racluster discarding the packet loss data? Is this a bug, or  
>> am I
>> doing something wrong? I'm running the 3.0.2 server and clients.
>> 
>> Thanks,
>> Bart
>> 
> 
> 

Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York  10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20100128/9b5a9a04/attachment.bin>

More information about the argus mailing list