Manual for man records - MAR fields explained

Peter Van Epp vanepp at sfu.ca
Thu May 28 00:13:53 EDT 2015 

On Wed, May 27, 2015 at 01:43:58PM +0200, elof2 at sentor.se wrote:
> 
> Hi Carter.
> 
> Ok, so I run the same command twice, once with xml and once without:
> 
> # ra -Zb -M man xml -A -nr argus.log -
> <?xml version ="1.0" encoding="UTF-8"?>
> <!--Generated by ra(3.0.8) QoSient, LLC-->
> <ArgusDataStream
>   xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance"
>   xsi:noNamespaceSchemaLocation =
> "http://qosient.com/argus/Xml/ArgusRecord.3.0.xsd"
>   BeginDate = "2015-05-26T10:39:41.298236" CurrentDate =
> "2015-05-27T11:46:10.400186"
>   MajorVersion = "3" MinorVersion = "0" InterfaceType = "DLT_NULL"
> InterfaceStatus = "Up"
>   ArgusSourceId = "10.200.17.10"  NetAddr = "0.0.0.0"  NetMask =
> "0.0.0.0">
> 
>  <ArgusManagementRecord  StartTime = "2015-05-26T10:58:41.177579"
> Flags = "         " Proto = "man" PktsRcvd = "0" Records = "0"
> BytesRcvd = "0" PktsDropped = "0" State =
> "STA"></ArgusManagementRecord>
>  <ArgusManagementRecord  StartTime = "2015-05-26T10:58:41.177511"
> Flags = "         " Proto = "man" PktsRcvd = "0" Records = "0"
> BytesRcvd = "0" PktsDropped = "0" State =
> "CON"></ArgusManagementRecord>
>  <ArgusManagementRecord  StartTime = "2015-05-26T10:59:41.171511"
> Flags = "         " Proto = "man" PktsRcvd = "0" Records = "0"
> BytesRcvd = "0" PktsDropped = "0" State =
> "CON"></ArgusManagementRecord>
>  <ArgusManagementRecord  StartTime = "2015-05-26T11:00:41.165508"
> Flags = "         " Proto = "man" PktsRcvd = "0" Records = "0"
> BytesRcvd = "0" PktsDropped = "0" State =
> "CON"></ArgusManagementRecord>
>  <ArgusManagementRecord  StartTime = "2015-05-26T11:01:41.159511"
> Flags = "         " Proto = "man" PktsRcvd = "0" Records = "0"
> BytesRcvd = "0" PktsDropped = "0" State =
> "CON"></ArgusManagementRecord>
>  <ArgusManagementRecord  StartTime = "2015-05-26T11:02:41.153510"
> Flags = "         " Proto = "man" PktsRcvd = "0" Records = "0"
> BytesRcvd = "0" PktsDropped = "0" State =
> "CON"></ArgusManagementRecord>
>  Totalrecords 6         TotalMarRecords 7         TotalFarRecords 0
> TotalPkts 0        TotalBytes 0
> </ArgusDataStream>
> <snip>

	Here is my quite old (as in at least 10 years old :-)) cheat sheet 
for man records:

startime: mar.start lasttime: mar.now proto: man saddr: argusid 
sport: version# daddr: nextseq# dport: #flows spkts: RcvdPackets 
dpkts: droppedpackets sbytes: rcvdbytes dbytes: flows_closed 
status: man_status 

I compiled it by searching the argus source (no longer remember what specific
program sorry, perhaps argus_modeler.c?) for MAR ifdefs and then recorded what 
went in to which field in the standard record. It sounds like someone needs to 
do the same on current source and put it in a man page ...

Peter Van Epp

More information about the argus mailing list