rastream and %T in -w

Carter Bullard carter at qosient.com
Wed May 8 19:37:50 EDT 2013 

Hey Matt,
Don't forget you need a "-B secs" option for rastream() to work.
If you are reading argus data, set it to 2x your flow status interval.
I haven't used a "-", but it shouldn't make a difference.  I use '.'
Carter

On May 8, 2013, at 7:25 PM, Matt Brown <matthewbrown at gmail.com> wrote:

> Hello Carter,
> 
> Thanks for writing back quickly.
> 
> 
> If I start rastream as follows:
> rastream -S 127.0.0.1:561 -M time 1d -w /var/opt/argus//%Y-%m-%d/argus_%T
> 
> the generated file is named:
> /var/opt/argus//%Y-%m-%d/argus_01:00:00
> 
> 
> As is the case with %H %M and %S == 01 00 and 00
> 
> I pulled these variables from the man page of strftime() http://linux.die.net/man/3/strftime
> 
> 
> I've finally got around to implementing argus in a real way to complement the project flow-inspector, which presents flow data via a web interface using a few d3.js visualizations.  The commit that extends support for the data source of an "rasqlinserted" argus DB can be reviewed: https://github.com/constcast/flow-inspector/commit/e800598c3481c8ec6a44b103d98906668f612546.  It would be great to have an ra* client that would BLPOP() data into a redis queue.  A python script takes in a few IPFIX information elements about the flows and inserts them into a backend DB (mysql, oracle, or mongo).  I've been going back and forth with Lothar Braun who has been quite responsive.
> 
> 
> Thanks again for your help,
> 
> Matt Brown
> 
> 
> 
> On Wed, May 8, 2013 at 3:49 PM, Carter Bullard <carter at qosient.com> wrote:
> Hey Matt,
> Not sure, from your description, what is up.
> So, your calling rastream() against a file or a stream?
> Parameters ?
> 
> Since rastream() gets its time from the records, are those correct?
> 
> Carter
> 
> 
> 
> On May 8, 2013, at 1:52 PM, Matt Brown <matthewbrown at gmail.com> wrote:
> 
> > Hello all,
> >
> > With 3.0.6.2 I am seeing something odd with rastream's -w.
> >
> > It appears to not deal with %T %H %M or %S properly, not returning
> > now(), but starting with 01:00:00 and 01 00 00 respectively.
> >
> > Why is this?
> >
> >
> > Unfortunately gmane's search function seems to not be functioning.
> >
> >
> > Any assistance is appreciated.
> >
> >
> > Thanks,
> >
> > Matt Brown
> >
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130508/78300338/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6837 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130508/78300338/attachment.bin>

More information about the argus mailing list