[ARGUS] Argus error in packet size and bytes

[Carter Bullard]

Hey Sehan,
There are a few questions to go through …

What version are you using ?  … the current version is 3.0.8.4, be sure and get the latest software releases from https://github.com/openargus <https://github.com/openargus>
How are you running argus ?
How are you running ra ? … 

in your earlier off-list emails, you sent a screenshot where the pkts and bytes fields had no values  … this is normally an argus / client version mismatch problem or you processed the .argus file and stripped the metrics dsr out of the records … getting the latest code should help.  The INT you see is the value for ’state’ field.  To see that the fields are blank, you can print as a CSV …
   % ra -r loic.argus -c ,

Have you processed the files with other ra* commands ???  That could account for the missing metrics values ...

If it is a complete mystery, then if you can share the pcap file that generates the error, I can take a look ...

Carter

> On May 31, 2022, at 6:43 AM, Sehan Samarakoon <sehan6996 at gmail.com> wrote:
> 
> Hi,
> 
> I have been using argus tool to convert a pcap into the argus file format. However, I'm getting an error "ArgusGenerateRecordStruct: pre ARGUS_DATA_DSR len is zero" when I read through the command ra. In addition, I'm also not getting any values for pkts and bytes fields in some of the flows. Instead it prints as INT. 
> 
> I would be really grateful to you if you can tell me if there is any way to overcome this / anything I'm doing wrong? I have been searching through internet for a very long time, only to be unsuccessful. Your response is highly appreciated.
> 
> Thank you
> Best Regards,
> Sehan Samarakoon
> 
> 
> _______________________________________________
> argus mailing list
> argus at qosient.com
> https://pairlist1.pair.net/mailman/listinfo/argus

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20220531/0f34d7e5/attachment.htm>