Time filters

Carter Bullard carter at qosient.com
Fri Jul 9 10:22:17 EDT 2010


Hey Rafael,
You did find a bug in rabins.c, so this patch fixes the segmentation fault, and I'll have it in
argus-clients-3.0.3.15 when it comes out on Monday.

*** rabins.c	Fri Jul 31 11:50:38 2009
--- rabins.c.new	Fri Jul  9 10:07:49 2010
***************
*** 512,518 ****
              }
  
              for (i = RaBinProcess->index; i < (RaBinProcess->max + 1); i++) {
!                if ((bin = RaBinProcess->array[i]) != NULL) {
                    struct ArgusAggregatorStruct *agg = bin->agg;
                    while (agg) {
                       ArgusSortQueue(ArgusSorter, agg->queue);
--- 512,518 ----
              }
  
              for (i = RaBinProcess->index; i < (RaBinProcess->max + 1); i++) {
!                if ((RaBinProcess->array != NULL) && ((bin = RaBinProcess->array[i]) != NULL)) {
                    struct ArgusAggregatorStruct *agg = bin->agg;
                    while (agg) {
                       ArgusSortQueue(ArgusSorter, agg->queue);
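
Review bot: the `RaBinProcess->array != NULL` test added to the `if` inside the `for` loop is loop-invariant, so it is re-evaluated on every pass while the loop still walks from `RaBinProcess->index` to `RaBinProcess->max`. Hoist it above the loop, for example by wrapping the whole `for` in `if (RaBinProcess->array != NULL)`, which also makes it explicit that the sort pass is skipped when no bin array exists. The loop header reads `RaBinProcess->index` and `RaBinProcess->max` before this check runs, so if `RaBinProcess` itself can be NULL on this path it needs its own guard; the visible lines do not show one.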


When there are problems like this, it is helpful to run the ra* programs
in debug mode, as the output can reveal the issue.  To do that you need to create
the .debug tag file in the root directory of the distribution, and then reconfigure and remake.
You will know if it is working as the '-D' option will appear when you run "ra -h".

So to test your filter, with the -D option enabled, running ra() at level 5, I get this type of output:

../bin/ra -D5 -t 2009/01/22
ra[52629.205ce670ff7f0000]: 2010/07/09.09:57:46.070326 ArgusParseTime (0x541000, 0x541100, 0x541138,2009,  ) retn 3: 1232514000
ra[52629.205ce670ff7f0000]: 2010/07/09.09:57:46.070374 ArgusCheckTimeFormat (0x70e67960, 2009/01/22) retn 0: 1232514000-1232600400
ra[52629.205ce670ff7f0000]: 2010/07/09.09:57:46.070385 ArgusParseTimeArg (2009/01/22, 4, 0x70e67960)
ra[52629.205ce670ff7f0000]: 2010/07/09.09:57:46.070637 ArgusAddFileList (0x541000, -, 1, -1, -1) returning 1

Which seems correct, so I'm not thinking that the time filter is bad.  (I'm using argus-clients-3.0.2 here)

When I run ra() from argus-clients-3.0.2 using your filter for some of my data on your day in question:
   ra -t 2009/01/22 -r argus.2009.06.16.05.00.00

I get all the records in the file printed to standard out, so I can't reproduce your filter problem here.
It may be that you don't have any records that fall on that day.
Try running with the debug option as I did above, and let's see what your filter sez, and move the
dates around to see if you can get any data at all.

   ra -t 2009/01/19+7d -r file.argus

Carter



On Jul 9, 2010, at 9:40 AM, Rafael Barbosa wrote:

> Hello, 
> 
> I have been trying to use the ra option "-t" to filter my data for some specific periods, and so far I have had no luck. My ultimate goal is to identify the start/end of some peaks in my graph, and then identify which peaks are causing it. Two of the tests I tried:
> 
> 1) Plot the graphs with ragraph:
> ragraph pkts -M 5min -p0 -t 2009/01/22  -r file.argus -title "Total Load" -w pkts-peak.png
> 
> I get the following error:
> sh: line 1: 33203 Segmentation fault      /Users/barbosarr/workspace/argus-clients-3.0.2/bin/rabins -M hard zero -p6 -GL0 -s ltime pkts -M 5min -p0 -t 2009/01/22 -r filet.argus > /var/tmp/tmp.0.jYku3e
> usage: /Users/barbosarr/workspace/argus-clients-3.0.2/bin/ragraph metric (srcid | proto [daddr] | dport) [-title "title"] [ra-options]
> /Users/barbosarr/workspace/argus-clients-3.0.2/bin/ragraph: unable to create `/var/tmp/tmp.0.jYku3e.rrd': start time: unparsable time: 
> 
> 2) I also tried the same filter to read and write the argus file with ra:
> ra -t 2009/01/22  -r file.argus -w file.argus2
> 
> No errors are reported, but no file.argus2 is created as well.
> 
> My data spans over a week from some time in 2009/01/19 to some time in 2009/01/26, as verified with ra:
> ra -u -r plant-net.argus | head
> 1232372237.107636  e         tcp         X.X.X.X.ibp      <?>         X.X.X.X.boinc-       10       5240   CON
> ...
> 
> ra -u -r plant-net.argus | tail
> 1232997697.830083  e s       tcp      X.X.X.X.worldf    ->       X.X.X.X.iso-ts        1         74   REQ
> ...
> 
> 1232372237 == Mon, 19 Jan 2009 13:37:17 GMT
> 1232997697 == Mon, 26 Jan 2009 19:21:37 GMT
> 
> Any ideas on what I might be doing wrong?
> 
> Thanks,
> Rafael Barbosa
> 
> 
> 
