rasqlinsert data sometimes show negatives values with the flow duration field

John Gerth gerth at graphics.stanford.edu
Wed Oct 13 19:00:05 EDT 2010


Note that the ltime, stime fields appear to be unix timestamps (seconds since 1970-01-01).
Below is the source for a little shell script that takes such a value and prints it as a datestamp, e.g.
    ut2date 1274503174.403156
    2010-05-22 04:39:34 UTC
    2010-05-21 21:39:34 -0700

If that's right, this might help you figure out an appropriate timespec for "ra"

/J

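****** ut2date
#!/bin/bash
# Print the unix timestamp given as $1 in UTC (requires GNU date for -d)
date -u -d "1970-01-01 UTC +  $1 seconds" +"%Y-%m-%d %T %Z"
# Print the same instant in the local timezone with its numeric offset
date -d "1970-01-01 UTC +  $1 seconds" +"%Y-%m-%d %T %z"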


On 10/13/2010 3:54 PM, Javier Almillategui wrote:
> Hi John,
> 
> I do have the argus generated file, but it's a 100+ GB file. In any case there are only 54 instances of negative numbers in 600+ million flows. I'll see if I can track down the specific instances in the argus file.
> 
> Best,  
> 
> Javier Almillategui
> Center for Secure Information Systems
> George Mason University
> Mobile: (703)309-2060
> Email: jalmilla at gmu.edu
> 
> On Oct 13, 2010, at 18:38, John Gerth <gerth at graphics.stanford.edu> wrote:
> 
>> Since every dur is negative, it sure looks to me like ltime and stime have just been reversed.
>>
>> That's certainly plausible for RaTable1.csv:
>> "dur","m.ltime-m.stime","ltime","stime"
>> -34.945637,-34.945638,1274503174.403156,1274503209.348794
>> -54.968819,-54.968817,1274503174.403156,1274503229.371973
>> -74.971649,-74.971647,1274503174.403156,1274503249.374803
>> -94.977325,-94.977324,1274503174.403156,1274503269.380480
>> -135.011322,-135.011322,1274503174.403156,1274503309.414478
>> -50.424545,-50.424546,1274574493.462583,1274574543.887129
>> -306.942017,-306.942014,1274574493.462583,1274574800.404597
>> -608.694763,-608.694792,1274585461.456646,1274586070.151438
>> -8.358950,-8.358950,1274586143.223903,1274586151.582853
>>
>> Do you have outputs from "ra" itself rather than the database?
>>
>> /J
>>


-- 
John Gerth      gerth at cs.stanford.edu  Gates 378   (650) 725-3273  fax 723-0033
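
Added example, not part of the original messages or of the argus tools: a way to test the "ltime and stime reversed" reading on a CSV export laid out like the quoted RaTable1.csv excerpt, and to list the earlier and later timestamp of each affected row for feeding to ut2date. The names check_swapped and sample_rows and the 0.001 s tolerance are assumptions made for this example.

```bash
#!/bin/bash
# Added example: classify exported flow rows by timestamp order.
# Input (stdin): CSV with columns dur, ltime-stime, ltime, stime,
# the layout of the RaTable1.csv excerpt quoted in this thread.
# Output: status,earlier_ts,later_ts,|dur| for every data row.
# $1 (optional): tolerance in seconds; 0.001 is an assumed default.
check_swapped() {
  awk -F, -v tol="${1:-0.001}" '
    function abs(x) { return x < 0 ? -x : x }
    $1 !~ /^-?[0-9]/ { next }            # skip header and blank lines
    {
      dur = $1 + 0; lt = $3 + 0; st = $4 + 0
      if (lt < st && abs(dur + (st - lt)) <= tol)
        status = "swapped"               # dur equals -(stime - ltime)
      else if (lt >= st && abs(dur - (lt - st)) <= tol)
        status = "ok"                    # dur equals ltime - stime
      else
        status = "mismatch"              # dur disagrees with timestamps
      # Print the original strings to avoid floating-point reformatting.
      if (lt < st) printf "%s,%s,%s,%.6f\n", status, $3, $4, abs(dur)
      else         printf "%s,%s,%s,%.6f\n", status, $4, $3, abs(dur)
    }'
}

# Constructed input: the header and three rows copied from the quoted
# excerpt, plus one made-up well-ordered row and one made-up row whose
# dur does not match its timestamps.
sample_rows() {
  cat <<'EOF'
"dur","m.ltime-m.stime","ltime","stime"
-34.945637,-34.945638,1274503174.403156,1274503209.348794
-608.694763,-608.694792,1274585461.456646,1274586070.151438
-8.358950,-8.358950,1274586143.223903,1274586151.582853
12.500000,12.500000,1274600012.500000,1274600000.000000
-5.000000,-100.000000,1274600000.000000,1274600100.000000
EOF
}

sample_rows | check_swapped
```

Rows reported as "swapped" fit the reversed-field explanation; a "mismatch" row has a dur that the two timestamps do not account for and needs a separate look.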