ARGUS Binary Size
Carter Bullard
carter at qosient.com
Mon Aug 4 15:58:13 EDT 2014
Hey James,
Could be you’re seeing a lot of flows. How many flow records are being stored?
% racount -r argus.data.file.5m
Depending on the configuration, a flow record can be anywhere from 100-1K bytes
per record, on the average. Argus output size is not sensitive to packet size,
except when its capturing user data. This is controlled by the
ARGUS_CAPTURE_DATA_LEN variable in the /etc/argus.conf file, if you have one...
What is that set to ????
Carter
On Aug 4, 2014, at 3:50 PM, James Grace <jgrac002 at fiu.edu> wrote:
> Good afternoon List,
>
> I've been collecting traces using argus and rastream off of a DAG8.1SX. The link is running right around 2.3Gb/s. I've been looking into the argus.conf manpage to see if there is a way to limit the packet length stored by rastream or argus.
>
> Right now, if I run argus and rastream with these flags"
>
> #argus -d -i dag0 -P 561
>
> #rastream -S localhost -M time 5m -w /flows/South/%Y/%m/%d/argus.%H.%M -D 3&
>
> I'm getting rather large binaries for 5 minutes -- right around 1GB. I have a feeling its grabbing all 9000bytes of the jumbo frame. Is there a workaround for this?
>
> Thanks a bunch!
>
> James
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20140804/d567b666/attachment.sig>
More information about the argus
mailing list