Manual for man records - MAR fields explained
elof2 at sentor.se
Tue May 26 05:23:34 EDT 2015
Hi Carter!
In the ra manual I find:
-M man = print management records
...but nowhere can I find any documentation as to what the values in the
MAR records mean.
Example:
ra -AZb -nr out.log -M man
StartTime Flgs Proto SrcAddr Sport Dir DstAddr Dport SrcPkts DstPkts SrcBytes DstBytes State
10:53:41.106578 man 0 0 0 0 0 0 0 0 STA
10:53:41.106508 man 0 0 31 1 0 0 0 0 CON
10:54:41.201507 man 0 0 30 1 0 0 0 0 CON
10:55:41.195511 man 0 0 29 1 0 0 0 0 CON
Totalrecords 4 TotalMarRecords 5 TotalFarRecords 0 TotalPkts 0 TotalBytes 0
I removed the out.log file and waited 6 minutes before running the
command again.
ra -AZb -nr out.log -M man
StartTime Flgs Proto SrcAddr Sport Dir DstAddr Dport SrcPkts DstPkts SrcBytes DstBytes State
11:08:41.117577 man 0 0 0 0 0 0 0 0 STA
11:08:41.117510 man 0 0 25 1 0 0 0 0 CON
11:09:41.111507 man 0 0 25 1 0 0 0 0 CON
11:10:41.105505 man 0 0 25 1 0 0 0 0 CON
11:11:41.200512 man 0 0 25 1 0 0 0 0 CON
11:12:41.194504 man 0 0 25 1 0 0 0 0 CON
Totalrecords 6 TotalMarRecords 7 TotalFarRecords 0 TotalPkts 0 TotalBytes 0
Argus is monitoring a NIC that currently has no link, so zero
packets have been seen.
MAR records are generated, just as they should.
I'm curious as to what the 31, 30, 29 and 25, 25, 25, 25, 25 might be.
And 1, 1, 1, 1, 1 in the Dport field...
...and why they are not all 0, since argus sees no packets at all.
Could you please explain all the fields (and then paste the explanation
into the ra manpage)? :-)
/Elof