Argus giving wrong bytes results ?

Carter Bullard carter at qosient.com
Fri Jul 9 16:49:15 EDT 2010 

Is that with argus-clients-3.0.3.14 ?
Carter

On Jul 9, 2010, at 3:28 PM, Mike Tancsa wrote:

> At 03:12 PM 7/9/2010, Carter Bullard wrote:
> 
>> Can you do me a favor?  Could you have ra() collect enough of the records,
>> rather than the current radium() -> racluster() to see if the bug is in writing
>> the records out or reading them in.  Also, if you could just have ra() print the
>> netflow records rather than writing them to disk, may indicate that it doesn't
>> have an error in converting the netflow to argus, but writing the records to
> 
> 
> Hi Carter,
>        It shows up quite quickly this way (IP addresses changed)
> 
> # ra -L0 -n -Zb -C 192.168.1.81:9995
>         StartTime    Flgs  Proto            SrcAddr  Sport   Dir         DstAddr  Dport  TotPkts   TotBytes State
>   15:25:49.846000 Ne         tcp     192.168.1.81.53812     ->      10.8.9.1.9010 36028797 1059274779 FSPA_
>   15:25:37.998000 Ne        icmp     192.168.1.81.771       ->     192.168.1.82.0 72057594 4035225266   URP
>   15:25:51.566000 Ne         tcp     192.168.1.81.57886     ->      10.8.9.1.9010 36028797 9367768699 FSPA_
>   15:25:52.926000 Ne         tcp     192.168.1.81.50378     ->      10.8.9.1.9010 36028797 7998674413 FSPA_
>   15:25:53.662000 Ne         tcp     192.168.1.81.50826     ->      10.8.9.1.9010 36028797 7998674413 FSPA_
>   15:25:55.966000 Ne         tcp     192.168.1.81.58986     ->      10.8.9.1.9010 36028797 1052069020 FSPA_
>   15:25:56.282000 Ne         tcp     192.168.1.81.57899     ->      10.8.9.1.9010 36028797 1044863261 FSPA_
>   15:25:56.914000 Ne         tcp     192.168.1.81.61121     ->      10.8.9.1.9010 36028797 1059274779 FSPA_
>   15:25:59.270000 Ne         tcp     192.168.1.81.53056     ->      10.8.9.1.9010 36028797 1052069020 FSPA_
>   15:25:58.546000 Ne         tcp     192.168.1.81.62492     ->      10.8.9.1.9010 36028797 8431019977 FSPA_
>   15:25:59.814000 Ne         tcp     192.168.1.81.54551     ->      10.8.9.1.9010 36028797 1059274779 FSPA_
>   15:26:00.878000 Ne         tcp     192.168.1.81.56269     ->      10.8.9.1.9010 36028797 1059274779 FSPA_
> 
> 
> 
>        ---Mike
> 
> 
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3681 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20100709/5cd77f34/attachment.bin>

More information about the argus mailing list