Collecting multiple types of information at once

Martijn van Oosterhout kleptog at gmail.com
Thu Aug 30 03:11:51 EDT 2012


On 30 August 2012 01:39, Carter Bullard <carter at qosient.com> wrote:
> Hey Martijn,
> One thing to consider is the " cont " directive that you can use in racluster.conf.  It may do some of what you are interested in.

Now that is interesting. I don't see "cont" mentioned in the man pages
I found online but I will have to check if that works. Do you know
from which version it is available?

At first glance this would seem to solve the immediate problem,
basically aggregating the same flow in multiple ways. The only part
less obvious is how to determine from the output which line belongs to
which model, though there are a number of options which seem
promising. In combination with rasplit to chunk time intervals this
seems very powerful.

Incidentally, the results of something like this would be read by
another script, and I have noticed for example that the default output
format changed between 3.0.4 and 3.0.6. In particular the timestamp
column gets cut short. Is there a way to ensure the output is always
complete, a sort of batch mode? It seems -c might do it, I'll try that
out as well.

Thanks,

Have a nice day,
-- 
Martijn van Oosterhout <kleptog at gmail.com> http://svana.org/kleptog/



More information about the argus mailing list