Aggregate statistics off by 1

Carter Bullard carter at qosient.com
Tue Jun 2 03:46:57 EDT 2015 

Yes, in fact you included my email that stated that we don’t count the first MAR.
Do you think we should ???  Seems redundant since the first MAR must be there ??
Carter

> On May 27, 2015, at 5:40 AM, elof2 at sentor.se wrote:
> 
> 
> Hi Carter!
> 
> I investigated this a little bit further.
> 
> I have this logfile with 4 MAR records:
> ra -Zb -M man -nr elof.log | grep -i man
> 10:28:01.149822              man                  0      0 0      0        0        0            0            0           STA
> 10:28:44.149779              man                  0      0 25749      1    69980     2839     28277263            0           CON
> 10:29:44.149756              man                  0      0 25191      1    78426     3104     36560040            0           CON
> 10:30:44.150890              man                  0      0 25060      1   107220     2715     37037618            0           CON
> 
> I concatenate it four times:
> cat elof.log elof.log elof.log elof.log >> elof2.log
> 
> ra -Zb -M man -nr elof2.log | grep -i man
> Now I have 16 MAR records.
> 
> So far everything is sane and logical.
> 
> The file has 38852 flows (I checked with wc -l).
> The file has 16 MAR records.
> Total records should therefore be 38868.
> 
> I now add -A :
> ra -Zb -M man -A -nr elof2.log | tail -1
> Totalrecords 38868     TotalMarRecords 17        TotalFarRecords 38852 TotalPkts 1211504  TotalBytes 462893084
> 
> So, the problem is that TotalMarRecords show 1 too much.
> It should be 16.
> 
> /Elof
> 
> 
> On Tue, 26 May 2015, Carter Bullard wrote:
> 
>> Hey /Elof,
>> We are not counting the first MAR record.  If you were to filter the call using "not man" or "far", it should be correct.  All streams have to have the first MAR record, so didn't think that we should count it ??
>> Carter
>> 
>> 
>> 
>>> On May 26, 2015, at 10:50 AM, elof2 at sentor.se wrote:
>>> 
>>> 
>>> Hi Carter!
>>> 
>>> Just found a silly error.
>>> 
>>> When adding option
>>>      -A  Print aggregate statistics for the input stream on termination.
>>> I get this line:
>>> Totalrecords 26282     TotalMarRecords 12        TotalFarRecords 26271    TotalPkts 1069033  TotalBytes 654980030
>>> 
>>> 
>>> The silly error is that 26271+12=26283, not 26282.
>>> 
>>> 
>>> Very minor, but still wanted you to know. :)
>>> 
>>> /Elof
>>> 
>> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20150602/dd13ea64/attachment.html>

More information about the argus mailing list