Argus management records: how to control the frequency?
Richard Rothwell via Argus-info
argus-info at lists.andrew.cmu.edu
Tue Jul 5 21:44:26 EDT 2016
Hi Carter,
the rabins command line is this:
/usr/local/bin/rabins -S 10.169.13.231:562 -M time 60s -B 60s -f /db/farm/elephant/racluster.conf -F /db/farm/elephant/rarc
So a B value is defined. This seems to work for Netflow 9, well mostly.
I have previously used ratop on the front of the data processing pipeline to verify that for rabins the number of input records is much the same as the number of output records.
Today ratop sees about 1000 rps for Netflow 9 and 1500 rps for netflow 5 coming out of nprobe.
Today ratop sees about 1000 rps for Netflow 9 and 1500 rps for netflow 5 coming out of radium when it is receiving from nprobe.
InSight is seeing about 60000 records per batch delimited by man STOP records, which I think means per minute, when processing a Netflow 9 data stream so that makes sense.
However when rabins sees the Netflow 5 data stream it seems to accumulate for about 5 minutes and InSight sees 500,000 records.
It seems rabins is not taking any notice of –B 60s when processing Netflow 5 data.
Attempting to use radium directly, bypassing nprobe, does not work.
The command:
sudo /usr/local/sbin/radium -S ipfix://any:9412 -d -e 12 -P 562 -- local dur lte 300
runs, but does not process any incoming data. It looks like ipfix is not yet working.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20160706/e1e67b21/attachment.html>
More information about the argus
mailing list