racluster.conf problems

Rafael Barbosa rrbarbosa at gmail.com
Mon Jun 3 08:49:58 EDT 2013


Hi Carter,

I am having problems using racluster() from the latest version (3.0.7.10).
For some reason it seems not to be doing any aggregation if I pass a
configuration file with the "-f" option.
My test is very simple:

ra -L-1 -r flows.argus | wc -l
3047296
racluster -f ~/config/racluster.conf -L-1 -r flows.argus | wc
3047296

Now if I run the same command using the latest stable version (3.0.6):

racluster -f ~/config/racluster.conf -L-1 -r flows.argus | wc -l
238370

The contents of ~/config/racluster.conf:
#Filter:every record, no record status output, record time out 5min
filter="" status=0 idle=300

Is this a bug or am I missing something?

Rafael Barbosa
http://wwwhome.cs.utwente.nl/~barbosarr