rabins issues in 3.0.7.14

David Edelman dedelman at iname.com
Thu Aug 29 22:31:49 EDT 2013


I looked at the source for rabins and I don't see where the per-bin filename
would be created, so in Carter's absence, I suggest that you fall back on the
fact that rabins is a combination of racluster and rasplit.

I did this and it seemed to work just fine:

racluster -m matrix/24 -r * -w - - ipv4 | rasplit -M time hard 10m -w "/tmp/archive/%Y/%m/%d/argus.%H.%M.%S"

--Dave


-----Original Message-----
From: argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu
[mailto:argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu] On
Behalf Of Michael Sanderson
Sent: Thursday, August 29, 2013 3:38 PM
To: argus-info at lists.andrew.cmu.edu
Subject: [ARGUS] rabins issues in 3.0.7.14

The manual page for rabins suggests that it will append strftime() formatted
strings to the -w filename when using the time splitmode for -M.  This
doesn't appear to be the case in argus-clients 3.0.7.14 and appears to date
back to at least 3.0.7.6.

Using the matrix example in the man page (rabins -r * -M hard time 5m -m
matrix -w "/matrix/%Y/%m/%d/argus.%H.%M.%S") adjusted for my paths generates
the following:

argus> rabins -r data.*.gz -M hard time 5m -m matrix -w "matrix/%Y/%m/%d/argus.%H.%M.%S"
argus> ls -R matrix/
matrix/:
%Y/

matrix/%Y:
%m/

matrix/%Y/%m:
%d/

matrix/%Y/%m/%d:
argus.%H.%M.%S


The example 

argus> rabins -S localhost -m matrix/24 -B 5s -M hard time 10s -p0 -s +1trans - ipv4

works great - you can see the 10s aggregation boundaries in its output.  But
trying to get it to write to file has the same issue as above.

argus> rabins -S localhost -m matrix -B 5s -M hard time 10s -p0 -w bins.%H.%M.%S - ipv4

argus> ls bins*
bins.%H.%M.%S


Trying the other examples from the man page:

argus> rabins -r data.gz -M size 1m -s +1dur -m proto -w argus.out - ip
rabins[17371]: 12:23:19.853115 ArgusClientInit: no bin size specified
argus> rabins -r data.gz -M count 1k -m proto -s stime dur proto spkts dpkts - ip
rabins[17377]: 12:24:16.421496 ArgusClientInit: no bin size specified


Using -M count 1000 and -M size 1000000 generates the same error.

Tested on two different versions of 64-bit OpenSuSE with the same results.

     Michael Sanderson
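
A check for the symptom reported in this thread, added here as an example (it is not part of either message and not argus code): it flags an output tree whose file or directory names still contain literal strftime() conversions such as %Y or %H, and also flags a tree with no output files at all. The function names and the sample trees are constructed for illustration.

```shell
#!/bin/sh
# Added example. check_archive and make_samples are hypothetical helper
# names; the sample trees are constructed, not real argus output.

# check_archive DIR
#   returns 0: DIR holds files and no name contains a literal "%<letter>"
#   returns 1: at least one name still contains an unexpanded conversion
#   returns 2: DIR contains no regular files (nothing was written)
check_archive() {
    hits=$(find "$1" -name '*%[A-Za-z]*' -print | sort)
    if [ -n "$hits" ]; then
        printf 'unexpanded strftime conversions under %s:\n%s\n' "$1" "$hits" >&2
        return 1
    fi
    if [ -z "$(find "$1" -type f -print | head -n 1)" ]; then
        printf 'no output files under %s\n' "$1" >&2
        return 2
    fi
    return 0
}

# make_samples: build three constructed trees and print their parent dir.
#   broken/ mirrors the "ls -R matrix/" listing from the report,
#   good/   is the layout the -w template is meant to produce,
#   empty/  stands for a run that wrote nothing.
make_samples() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/broken/%Y/%m/%d" "$base/good/2013/08/29" "$base/empty"
    : > "$base/broken/%Y/%m/%d/argus.%H.%M.%S"
    : > "$base/good/2013/08/29/argus.15.30.00"
    : > "$base/good/2013/08/29/argus.15.40.00"
    printf '%s\n' "$base"
}
```

Run check_archive against the directory given to -w after a rabins or rasplit job; a file whose real name legitimately contains "%" followed by a letter would also be reported.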

