Shifting ragraph X-axis

Carter Bullard carter at qosient.com
Sun May 5 16:39:56 EDT 2013 

Hey Manaf,
The timestamps in the records are identical to those in the packet capture file.
Any difference you are experiencing is probably a timezone issue.  Print some
of the records using the " -U " option, which prints the time as seconds from
the epoch of time, then use "date -r secs" with one of the seconds outputs to
see if its gives reasonable values.

ra* programs print in localtime(), which uses either the machine timezone or
one specified in the users environment.  So when you want year, month, day,
hour, etc... ra* programs are using your timezone definition, unless you are
having it print the time in GMT, which can be set using the RA_TIME_FORMAT
variable, in the .rarc file.  What timezone are you in?

You can define the zone to be anything you want using the rarc file
configuration variable RA_TZ.  In the example rarc file in ./support/Config,
we provide an example to set the timezone to US Eastern Standard Time,
with Daylight Savings time definitions.

#RA_TZ="EST5EDT4,M3.2.0/02,M11.1.0/02"

You can use this variable, or you can set your own environment variables
to set the timezone to use.

I recommend that you use a personal ~/.rarc file to get the time set the way
you like, then all the ra* programs will do the right thing.

Carter


On May 5, 2013, at 5:24 AM, manaf gharaibeh <manafhgh at yahoo.com> wrote:

>  Hi,
> 
> I used argus to transform and aggregate a set of pcap files into an argus file. The resulting argus file has timestamps that are 2 hours behind the original timestamps when the packets were captured. So a 4pm timestamp would be 2pm in the generated argus file. That's fine, but is there a way to shift the ragraph X-axis (add 2 hours to the lables)? I looked into ragraph options, and ra-options but couldn't find what I need. 
> 
> Thanks, 
> -Manaf

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130505/d8d1b009/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6837 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130505/d8d1b009/attachment.bin>

More information about the argus mailing list