Time window issue

Wed Jun 12 06:14:49 EDT 2013

Rahimeh,

The racluster.csv file looks correct. The reason that the rabins output is
not UTF-8 is the -w that you are using. If you were to use the argus.csv
file as input to one of the clients, it would work since it is a binary file
(all  -w output is binary.) If all that you need is a csv file, then do
something like this:

  rabins -M time 5m -B 10s -m proto sport dport saddr daddr -r
/usr/argus/data/argus.out  -c ',' -n -p 3 -u -Zb -s +ltime +stime +trans
+dur +mean +sco +dco +pkts +spkts +dpkts + bytes > thefile.csv

When you specify +ltime +stime +trans . you are adding those fields to the
existing default set of fields. If you only wish to have those specific
fields in your output, remove the '+' signs and only the listed fields will
appear in the output.

--Dave

From: argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu
[mailto:argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu] On
Behalf Of Rahimeh Khodadadi
Sent: Wednesday, June 12, 2013 2:08 AM
To: argus-info at lists.andrew.cmu.edu
Subject: [ARGUS] Time window issue

Hi Carter,

Thanks for your quick reply.I follow your advices, but when I open file to
read, it is not clear by UTF-8, I attached the file.my command is:

  rabins  -M time 5m  -B 10s -m proto sport dport saddr daddr -r
/usr/argus/data/argus.out -w argus.csv

and If I use command as below, it does works, note that I changed
"ARGUS_FLOW_STATUS_INTERVAL=300", but the features of output file are
replicated, I attached it to mail too:

racluster  -T 300 -B 10 -p 3 -u -Z b -W -| /usr/local/bin/ralabel -r
/usr/argus/data/argus.out - -f /usr/local/argus/ralabel.conf -c "," -M
dsrs=+metric,+agr,+psize,+cocode -n -p 3 -u -Z b -s
"+ltime,+stime,+trans,+dur,+mean,+sco,+dco,+pkts,+spkts,+dpkts,+bytes" >
racluster.csv 

Please help!!!

Thanks in advance,

Rahimeh 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130612/99dcfbd9/attachment.html>