Shifting ragraph X-axis

Carter Bullard carter at qosient.com
Mon May 6 18:12:44 EDT 2013 

Hey Manaf,
Your email made me curious, and I found a bug in rasplit() that
generated an error that could be causing you a problem.

If you could grab the new version of argus-clients-3.0.7.8, which
I'll upload tonight, there is a fix for rasplit() that will get the records
into files without the time shift that you are experiencing.

If you want to fix it yourself, and verify the error, edit your copy
of the ./configure program, in your clients root directory to replace
ARGUS_TM_GMTOFF to be HAVE_TM_GMTOFF.   Then, rerun
./configure, and make.

% cd to your argus-clients root directory
% edit your copy of ./configure
% ./configure
% make clean; make

Then rerun your rasplit(), writing to a new directory, so that you don't
append to any existing data files.  You should find that the records
are now in their correct files.

Sorry for any inconvenience,

Carter


On May 5, 2013, at 4:39 PM, Carter Bullard <carter at qosient.com> wrote:

> Hey Manaf,
> The timestamps in the records are identical to those in the packet capture file.
> Any difference you are experiencing is probably a timezone issue.  Print some
> of the records using the " -U " option, which prints the time as seconds from
> the epoch of time, then use "date -r secs" with one of the seconds outputs to
> see if its gives reasonable values.
> 
> ra* programs print in localtime(), which uses either the machine timezone or
> one specified in the users environment.  So when you want year, month, day,
> hour, etc... ra* programs are using your timezone definition, unless you are
> having it print the time in GMT, which can be set using the RA_TIME_FORMAT
> variable, in the .rarc file.  What timezone are you in?
> 
> You can define the zone to be anything you want using the rarc file
> configuration variable RA_TZ.  In the example rarc file in ./support/Config,
> we provide an example to set the timezone to US Eastern Standard Time,
> with Daylight Savings time definitions.
> 
> #RA_TZ="EST5EDT4,M3.2.0/02,M11.1.0/02"
> 
> You can use this variable, or you can set your own environment variables
> to set the timezone to use.
> 
> I recommend that you use a personal ~/.rarc file to get the time set the way
> you like, then all the ra* programs will do the right thing.
> 
> Carter
> 
> 
> On May 5, 2013, at 5:24 AM, manaf gharaibeh <manafhgh at yahoo.com> wrote:
> 
>>  Hi,
>> 
>> I used argus to transform and aggregate a set of pcap files into an argus file. The resulting argus file has timestamps that are 2 hours behind the original timestamps when the packets were captured. So a 4pm timestamp would be 2pm in the generated argus file. That's fine, but is there a way to shift the ragraph X-axis (add 2 hours to the lables)? I looked into ragraph options, and ra-options but couldn't find what I need. 
>> 
>> Thanks, 
>> -Manaf
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130506/e0470063/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6837 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130506/e0470063/attachment.bin>

More information about the argus mailing list