Compiling Total Bytes

Wed Mar 25 13:27:42 EDT 2015

Hey James,
Not sure that I understand what you’re trying to accomplish.

You are aggregating records together based on matching the byte counts in the records.
The -m option defines the “key” that is used to match records for aggregation.
So I don’t think your command is doing what you want.

If you just want totals, use the command racount.1

   racount -r argus.00.00

However, racluster.1 can give you the totals you want, and a lot more, but its really designed to provide generic aggregation.

Possibly you want to aggregate all the records into one record from the same sensor ??

   racluster -m srcid -r argus.00.00 -s stime dur srcid svid bytes sbytes dbytes - src vid 98

In this case, we are filtering records based on your 'src vid 98’,
aggregating based on the sensor id, and printing out some useful data
to check to see if (bytes == sbytes + dbytes).

If you wanted to aggregate based on the vids, you can do this:

   racluster -m svid dvid -r argus.00.00 -s stime svid dvid bytes sbytes dbytes

If you want totals for single objects, like vid, you need to tally
the data as if its an “rmon” counter, which is designed to track single objects.
This is tricky if you don’t do it often, and some get confused with it, but try this:

   racluster -M rmon -m svid -r argus.00.00 -s stime svid bytes sbytes dbytes

It may be that you want to know what byte sizes are being used ??
Try using rahisto.1.

   rahisto -H bytes 25:0-10000 -r argus.00.00

If you have any questions, don’t hesitate to send email !!!!

Carter

> On Mar 25, 2015, at 12:59 PM, James Grace <jgrac002 at fiu.edu> wrote:
> 
> Carter,
> 
> That’s better but now it’s spitting out total bytes in a single column, but not all added up. I guess I’ll just have to add it all up using some bash magic.
> 
> racluster -m bytes -r argus.00.00 -s bytes - src vid 98 | tail -n +2 | paste -sd+ - | bc
> 196102248
> 
> Thanks for all your help.
> 
> -james
> 
> 
>> On Mar 24, 2015, at 4:43 PM, Carter Bullard <carter at qosient.com> wrote:
>> 
>> How bout “bytes” ?
>> Carter
>> 
>>> On Mar 24, 2015, at 2:21 PM, James Grace <jgrac002 at fiu.edu> wrote:
>>> 
>>> List,
>>> I’ve got a bunch of argus binaries full of data I’d love to import into Zabbix.  Is there a way to total up the total bytes (source and destination) ?
>>> 
>>> I’ve tried:
>>> 
>>> racluster -m sbytes dbytes -r /flows/argus/Atlanticwave/2015/03/24/argus.10.20 -s sbytes dbytes
>>> 
>>> 
>>> 	 78            0
>>>        66            0
>>>        64            0
>>>        66            0
>>>       156            0
>>>        78            0
>>>        78            0
>>>        78            0
>>>       112            0
>>>        94            0
>>>      4554            0
>>>      4554            0
>>>      4554            0
>>>      1518            0
>>>       114            0
>>>        68            0
>>>      7688            0
>>>      1674            0
>>>      4652            0
>>>      1318            0
>>>       156            0
>>>        90            0
>>>       215            0
>>>       122            0
>>> 
>>> 
>>> And it gets close, it provides two columns with sbytes and dbytes, and I can whip a script up to add it all up, I was just wondering if there was a more “argus-y” way of doing this.
>>> 
>>> Thanks,
>>> james
>>> 
>>> 
>> 
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20150325/2334a869/attachment.sig>