Best way to grab summary data from last generated file by rastream
Jesse Bowling
jessebowling at gmail.com
Tue May 7 10:53:55 EDT 2013
Hi Paul,
You're looking for the (as best as I can tell by looking at -h and the
qosient man pages) undocumented '-f' option to rastream...With -f, rastream
will execute the specified script providing the current filename as an
argument...For example:
/usr/local/bin/rastream -M time 5m -B 10s -S ${OUR_IP}:${OUR_PORT} -w
/nsm/argus/data/\$srcid/%Y/%m/%d/argus.%Y.%m.%d.%H.%M.%S -f
/usr/local/bin/argus_postprocess.bash -d
This will wait 10 seconds after the 5 minute mark and then execute
/usr/local/bin/argus_postprocess.bash with an argument of the filename...
There's a sample script in ./support/Config/rastream.sh
You might also check out http://nsmwiki.org/Argus , as this is one of the
only wiki's I know dedicated to argus (although some sections of it could
use updating)... :)
Does that help?
Cheers,
Jesse
On Tue, May 7, 2013 at 9:52 AM, Paul Halliday <paul.halliday at gmail.com>wrote:
> I have rastream processing on hard 5 minute boundaries and I would like to
> create summary data after it closes each file.
>
> flow-capture had a nice option that would let you call an external program
> after it finished spooling a file; do I have an option like this with argus?
>
> I can script it, just curious if there is something built-in.
>
> thanks.
>
> --
> Paul Halliday
> http://www.pintumbler.org/
--
Jesse Bowling
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130507/e4833730/attachment.html>
More information about the argus
mailing list