Stangeness - ra / rastrip, etc

elof2 at sentor.se elof2 at sentor.se
Tue Apr 19 07:59:39 EDT 2011


Carter asked me to put this on the list instead of a private conversation.

(he just fixed a bug where stripped files with nothing to strip generated 
a *larger* result file. The same thing happened when running 'ra -r in.log 
-w out.log'. out.log would become larger than the original.)

---------- Forwarded message ----------
Date: Tue, 19 Apr 2011 11:33:38 +0200 (CEST)
From: Elof <elof2 at sentor.se>
To: Carter Bullard <carter at qosient.com>
Subject: Re: [ARGUS] Bugs - rastrip, etc


On Mon, 18 Apr 2011, Carter Bullard wrote:
> Hey Martin,
> Just uploaded argus-clients-3.0.5.6.  Should fix the file getting bigger.

Nice.
Now a simple 'ra -r foo.log -w foo3.log' generate a file that is slightly 
smaller than the original. So the bug that made the file *grow* is fixed.
  3751392 Apr 15 12:48 foo.log
  3738452 Apr 19 11:21 foo3.log

However, now the result file is a tad bit smaller than the original.
Just a curious question, what is actually rewritten/stripped/purged to 
make the output file smaller?
I mean, I would expect that 'ra -r foo.log -w foo3.log' would create an 
identical output file as the input.

Another curious question is why the size of foo_vlan.log below is not 
exactly the same as the size of foo3.log:
(foo.log contain no vlan-tagged traffic, so nothing is actually stripped)
rastrip -M -vlan -r foo.log -w foo_vlan.log
  3751392 Apr 15 12:48 foo.log
  3738452 Apr 19 11:21 foo3.log
  3738196 Apr 19 11:28 foo_vlan.log

I suspect that 'ra -r foo.log -w foo3.log' and 'rastrip -M -vlan -r 
foo.log -w foo_vlan.log' do pretty much the same thing, i.e. nothing, but 
apparently the output from the two is not 100% identical.

I'm sure this is not a biggie, I just find it strange. :-)



> Thanks for the data, couldn't have done it without that.
> If you see any other problems, don't hesitate to send email,

Glad I could help.
You know I will. :-)

/Elof



More information about the argus mailing list