Racluster ordering
Rafael Barbosa
rrbarbosa at gmail.com
Tue Jul 26 10:35:57 EDT 2011
Hi,
Once again, a question about the ordering of ra() data. I am trying to
obtain unique flows (no status report) using racluster.
$ racluster -r test.argus -w test.argus.merged -f ~/config/racluster.conf
Where racluster.conf simple contais:
filter="" status=0 idle=300
The problem is that while the input is 'stime' ordered, the output is not.
I found the issue at clients 3.0.5.15, but they also appear at the latest
3.0.5.17. I upload an example file "test.argus", that shows the behavior.
Regards,
Rafael Barbosa
http://www.vf.utwente.nl/~barbosarr/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20110726/e085fbee/attachment.html>
More information about the argus
mailing list