Stangeness - ra / rastrip, etc
elof2 at sentor.se
elof2 at sentor.se
Tue Apr 19 07:59:39 EDT 2011
Carter asked me to put this on the list instead of a private conversation.
(he just fixed a bug where stripped files with nothing to strip generated
a *larger* result file. The same thing happened when running 'ra -r in.log
-w out.log'. out.log would become larger than the original.)
---------- Forwarded message ----------
Date: Tue, 19 Apr 2011 11:33:38 +0200 (CEST)
From: Elof <elof2 at sentor.se>
To: Carter Bullard <carter at qosient.com>
Subject: Re: [ARGUS] Bugs - rastrip, etc
On Mon, 18 Apr 2011, Carter Bullard wrote:
> Hey Martin,
> Just uploaded argus-clients-3.0.5.6. Should fix the file getting bigger.
Nice.
Now a simple 'ra -r foo.log -w foo3.log' generate a file that is slightly
smaller than the original. So the bug that made the file *grow* is fixed.
3751392 Apr 15 12:48 foo.log
3738452 Apr 19 11:21 foo3.log
However, now the result file is a tad bit smaller than the original.
Just a curious question, what is actually rewritten/stripped/purged to
make the output file smaller?
I mean, I would expect that 'ra -r foo.log -w foo3.log' would create an
identical output file as the input.
Another curious question is why the size of foo_vlan.log below is not
exactly the same as the size of foo3.log:
(foo.log contain no vlan-tagged traffic, so nothing is actually stripped)
rastrip -M -vlan -r foo.log -w foo_vlan.log
3751392 Apr 15 12:48 foo.log
3738452 Apr 19 11:21 foo3.log
3738196 Apr 19 11:28 foo_vlan.log
I suspect that 'ra -r foo.log -w foo3.log' and 'rastrip -M -vlan -r
foo.log -w foo_vlan.log' do pretty much the same thing, i.e. nothing, but
apparently the output from the two is not 100% identical.
I'm sure this is not a biggie, I just find it strange. :-)
> Thanks for the data, couldn't have done it without that.
> If you see any other problems, don't hesitate to send email,
Glad I could help.
You know I will. :-)
/Elof
More information about the argus
mailing list