[ARGUS] Argus error in packet size and bytes

Sehan Samarakoon sehan6996 at gmail.com
Wed Jun 1 09:16:46 EDT 2022 

Hi Dave,
Thanks for the suggestion. I tried it but the issue still persists.

-Sehan

On Tue, 31 May 2022 at 18:20, Dave <dedelman at iname.com> wrote:

> I use this command line on a regular basis to do the conversion from cap
> or pack-ng to the Argus flow format. Try creating the Argus file then read
> that with ra to see if things get better. The -X flag as the first
> parameter sometimes works miracles
>
>
> /usr/local/sbin/argus -X -A -Z -m -R -J -U 2048 -r pcap.pcap -w
> capture.argus
>
> —Dave
>
> On May 31, 2022, at 9:28 AM, Carter Bullard <carter at qosient.com> wrote:
>
> Hey Sehan,
> There are a few questions to go through …
>
> What version are you using ?  … the current version is 3.0.8.4, be sure
> and get the latest software releases from https://github.com/openargus
> How are you running argus ?
> How are you running ra ? …
>
> in your earlier off-list emails, you sent a screenshot where the pkts and
> bytes fields had no values  … this is normally an argus / client version
> mismatch problem or you processed the .argus file and stripped the metrics
> dsr out of the records … getting the latest code should help.  The INT
> you see is the value for ’state’ field.  To see that the fields are
> blank, you can print as a CSV …
>    % ra -r loic.argus -c ,
>
> Have you processed the files with other ra* commands ???  That could
> account for the missing metrics values ...
>
> If it is a complete mystery, then if you can share the pcap file that
> generates the error, I can take a look ...
>
> Carter
>
> On May 31, 2022, at 6:43 AM, Sehan Samarakoon <sehan6996 at gmail.com> wrote:
>
> Hi,
>
> I have been using argus tool to convert a pcap into the argus file format.
> However, I'm getting an error "ArgusGenerateRecordStruct: pre
> ARGUS_DATA_DSR len is zero" when I read through the command ra. In
> addition, I'm also not getting any values for pkts and bytes fields in some
> of the flows. Instead it prints as INT.
>
> I would be really grateful to you if you can tell me if there is any way
> to overcome this / anything I'm doing wrong? I have been searching through
> internet for a very long time, only to be unsuccessful. Your response is
> highly appreciated.
>
> Thank you
> Best Regards,
> Sehan Samarakoon
>
>
> _______________________________________________
> argus mailing list
> argus at qosient.com
> https://pairlist1.pair.net/mailman/listinfo/argus
>
>
> _______________________________________________
> argus mailing list
> argus at qosient.com
> https://pairlist1.pair.net/mailman/listinfo/argus
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20220601/3bcf02be/attachment.htm>

More information about the argus mailing list