rabins issues in 3.0.7.14
Michael Sanderson
sanders at cs.ubc.ca
Thu Aug 29 15:38:19 EDT 2013
The manual page for rabins suggests that it will append strftime() formatted strings to the -w filename when using the time splitmode for -M. This doesn't appear to be the case in argus-clients 3.0.7.14 and appears to date back to at least 3.0.7.6 .
Using the matrix example in the man page (rabins -r * -M hard time 5m -m matrix -w "/matrix/%Y/%m/%d/argus.%H.%M.%S") adjusted for my paths generates the following:
argus> rabins -r data.*.gz -M hard time 5m -m matrix -w "matrix/%Y/%m/%d/argus.%H.%M.%S"
argus> ls -R matrix/
matrix/:
%Y/
matrix/%Y:
%m/
matrix/%Y/%m:
%d/
matrix/%Y/%m/%d:
argus.%H.%M.%S
The example
argus> rabins -S localhost -m matrix/24 -B 5s -M hard time 10s -p0 -s +1trans - ipv4
works great - you can see the 10s aggregation boundaries in its output. But trying to get it to write to file has the same issue as above.
argus> rabins -S localhost -m matrix -B 5s -M hard time 10s -p0 -w bins.%H.%M.%S - ipv4
argus> ls bins*
bins.%H.%M.%S
Trying the other examples from the man page:
argus> rabins -r data.gz -M size 1m -s +1dur -m proto -w argus.out - ip
rabins[17371]: 12:23:19.853115 ArgusClientInit: no bin size specified
argus> rabins -r data.gz -M count 1k -m proto -s stime dur proto spkts dpkts - ip
rabins[17377]: 12:24:16.421496 ArgusClientInit: no bin size specified
Using -M count 1000 and -M size 1000000 generate the same error.
Tested on two different versions of 64-bit OpenSuSE with the same results.
Michael Sanderson
More information about the argus
mailing list