Duration sum bug
Digital Ninja
dn1nj4 at gmail.com
Mon Mar 21 10:34:15 EDT 2011
I ran across something with racluster v3.0.2 & v3.0.4 that I can't
quite explain and need some help. I have 9 different argus files. I
am running racluster with the following options:
racluster -M rmon -nn -c "," -m saddr proto sport -r <file> -L0 -s
saddr proto sport sbytes dur dbytes - not arp
When I run this command on the 9 files separately, for a single IP I
get something like this:
1.2.3.4,17,53,289,0.47648,213
1.2.3.4,17,53,133,0.015667,117
1.2.3.4,17,53,133,0.014637,117
1.2.3.4,17,53,133,0.014608,117
1.2.3.4,17,53,133,0.015812,117
1.2.3.4,17,53,133,0.015056,117
1.2.3.4,17,53,133,0.015539,117
1.2.3.4,17,53,133,0.015089,117
1.2.3.4,17,53,133,0.015287,96
Summing the bytes and duration columns up, I would expect the totals to be:
1.2.3.4,17,53,1376,0.169343,1128
However, when I run racluster on all 9 files simultaneously (-r <file>
<file> <file>...etc) I get the following results for the above data:
1.2.3.4,17,53,1376,79215.023438,1128
What's going on with the duration field??
Thanks in advance.
More information about the argus
mailing list