Duration sum bug

Digital Ninja dn1nj4 at gmail.com
Mon Mar 21 11:39:35 EDT 2011


(Correction: The duration in the first row should have been 0.047648
not 0.47648)

For the same flags, swapping "mean" for "dur" produces:
1.2.3.4,17,53,1376,0.015230,1128.  That seems incorrect as well.
Shouldn't the mean be 0.018815889 (sum all durations/number of
durations)?

On Mon, Mar 21, 2011 at 11:17 AM, Carter Bullard <carter at qosient.com> wrote:
> If you were to print out the 'mean', you should get the value you expect.
> The 'mean', 'max', 'min', and 'stddev' default to track the duration metric.
>
> Carter
>
>
> On Mar 21, 2011, at 10:34 AM, Digital Ninja wrote:
>
>> I ran across something with racluster v3.0.2 & v3.0.4 that I can't
>> quite explain and need some help.  I have 9 different argus files.  I
>> am running racluster with the following options:
>>
>> racluster -M rmon -nn -c "," -m saddr proto sport -r <file> -L0 -s
>> saddr proto sport sbytes dur dbytes - not arp
>>
>> When I run this command on the 9 files separately, for a single IP I
>> get something like this:
>>
>> 1.2.3.4,17,53,289,0.47648,213
>> 1.2.3.4,17,53,133,0.015667,117
>> 1.2.3.4,17,53,133,0.014637,117
>> 1.2.3.4,17,53,133,0.014608,117
>> 1.2.3.4,17,53,133,0.015812,117
>> 1.2.3.4,17,53,133,0.015056,117
>> 1.2.3.4,17,53,133,0.015539,117
>> 1.2.3.4,17,53,133,0.015089,117
>> 1.2.3.4,17,53,133,0.015287,96
>>
>> Summing the bytes and duration columns up, I would expect the totals to be:
>> 1.2.3.4,17,53,1376,0.169343,1128
>>
>> However, when I run racluster on all 9 files simultaneously (-r <file>
>> <file> <file>...etc) I get the following results for the above data:
>> 1.2.3.4,17,53,1376,79215.023438,1128
>>
>> What's going on with the duration field??
>>
>> Thanks in advance.
>>
>
>


