Argus giving wrong bytes results ?

Reykjavik hindisvik hindisvik at gmail.com
Mon Jun 7 06:23:23 EDT 2010 

Hello,

Thank you for your answers. I have tried using sapp_bytes and dapp_bytes,
the result downloading a file seems to be correct but it does not fix my
issue : Outbound traffic is not really OK and Inbound is absolutely wrong
(50Mb instead of 100Mb...)

What I would like to do is tu use the result of racount -r
xxx.xxx.xxx.xxx.ra to draw a graph with cacti.
One problem is the ra file will be huge so I'm compelled to rotate it every
5 minutes, and I have to tell Cacti it's a Gauge data source, not a counter
data source.
Has anyone ever tried to do this?
Is there a argus command which will be more appropriated than raccount ?

Before using Argus I was using SNMP with InOctets and OutOctet, and on Linux
deveices I was using Iptables+accounting (which was giving me a COUNTER type
cacti value).

Here is my agent server conf file :

ARGUS_FLOW_TYPE="Bidirectional"
ARGUS_FLOW_KEY="CLASSIC_5_TUPLE"
ARGUS_DAEMON=yes
ARGUS_MONITOR_ID=`hostname`
ARGUS_ACCESS_PORT=561
ARGUS_INTERFACE=eth1
ARGUS_SET_PID=yes
ARGUS_PID_PATH="/var/run"
ARGUS_FLOW_STATUS_INTERVAL=0.5
ARGUS_MAR_STATUS_INTERVAL=60
ARGUS_DEBUG_LEVEL=0
ARGUS_GENERATE_RESPONSE_TIME_DATA=no
ARGUS_GENERATE_PACKET_SIZE=no
ARGUS_GENERATE_JITTER_DATA=no
ARGUS_GENERATE_MAC_DATA=no
ARGUS_GENERATE_APPBYTE_METRIC=yes

Thanx you for your ideas, I'm a bit stuck...

H.


2010/6/7 <carter at qosient.com>

> Also, Argus uses a different definition for source and destination since
> Argus works with flow data not interface data, and that can cause confusion.
>
> What are the differences that you are seeing? How are you running the
> client programs?
>
> Carter
>
> Sent from my Verizon Wireless BlackBerry
> ------------------------------
> *From: * Reykjavik hindisvik <hindisvik at gmail.com>
> *Date: *Sun, 6 Jun 2010 09:31:42 +0200
> *To: *<argus-info at lists.andrew.cmu.edu>
> *Subject: *[ARGUS] Argus giving wrong bytes results ?
>
> Hello,
>
> I would like to use argus to draw graph of bandwidth usage for our network.
> Today, I'm using SNMP which give me a graph of my bandwidth, and I've setup
> Argus which draw the same graph for the same Network Interface but does not
> give me the same results at all...
>
> I can't believe it's a bug but I bet it's just a different way to get the
> packets and maybe there's an option to get the same results as I have with
> SNMP.
>
> For example : When I download a 130Mb File, SNMP show me 130MB, but Argus
> show me much more (maybe be it includes size of header or something that
> SNMP don't...) and for me the result in the right.
> So my question is :
>
> 1) What does exactly makes the difference ?
> 2) Is there a way to get the same results (option or something...)
> 3) Maybe I can recount it after with a math formula to get the same
> results, but which formula ?
>
> Thanx for your ideas.
>
> Best regards,
>
> H.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20100607/f62740df/attachment.html>

More information about the argus mailing list