Effects of racluster()
Dave Edelman
dedelman at iname.com
Mon Apr 22 08:37:43 EDT 2013
In general, I do have srcid set in my flow records. If I do not use srcid as
a key for racluster, which srcid is retained if I have simultaneous flow
records with the same keys (asymmetrical routing) that are then aggregated
into a single record?
What is aggregated for suser and duser in racluster output when flow records
are aggregated and my normal setting of a 2048 byte limit is exceeded?
--Dave
More information about the argus
mailing list