Hello.
While I was using artsnets to extract some data in a given time period I
noticed that the results get smaller as the time period gets smaller,
and the sum of the smaller periods doesn't add up to the value of the
longer period.
E.g., if I use artsnets with a time period of 6 hours, I would expect
the results to be the same as using artsnets with 2 periods of 3 hours.
But this is not what I'm seeing.
I did several tests and they all had similar results.
This is an actual session (all IPs have been changed):
bash-2.03#
bash-2.03# artsnets -d 192.168.1.1/26 -b "03/31/2001 12:00:00" -e "03/31/2001 17:59:59" /var/spool/arts/data/cflowd/192.168.1.254/arts.20010331 | add-arts-acct.awk -vnet=192.168.1.1/26
10268309 1201325912
bash-2.03#
bash-2.03# artsnets -d 192.168.1.1/26 -b "03/31/2001 18:00:00" -e "03/31/2001 23:59:59" /var/spool/arts/data/cflowd/192.168.1.254/arts.20010331 | add-arts-acct.awk -vnet=192.168.1.1/26
11487391 1347747144
bash-2.03#
bash-2.03# artsnets -d 192.168.1.1/26 -b "03/31/2001 12:00:00" -e "03/31/2001 23:59:59" /var/spool/arts/data/cflowd/192.168.1.254/arts.20010331 | add-arts-acct.awk -vnet=192.168.1.1/26
21939525 2.56788e+09
bash-2.03#
bash-2.03# echo 10268309+11487391 | bc
21755700
bash-2.03# echo 1201325912+1347747144 | bc
2549073056
bash-2.03#
where add-arts-acct.awk is a simple script I wrote to sum packets and
bytes and discard the rest:
bash-2.03# cat add-arts-acct.awk
#!/usr/local/bin/awk -f
#
BEGIN { pkts = 0; bytes = 0 }
(($1==net) || ($2==net)) { pkts += $3; bytes += $4 }
END { print pkts " " bytes }
bash-2.03#
Can anyone help?
Thanks
Goncalo
-- cflowd mailing list cflowd@caida.org
This archive was generated by hypermail 2b29 : Tue Apr 03 2001 - 04:44:27 PDT
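
An added example, not part of the original post or of cflowd: a variant of the summing step that prints totals as whole numbers (the full-period byte count in the session came out as 2.56788e+09), plus a helper that reports the gap between a full period and its two sub-periods. The four-column input layout (source net, destination net, packets, bytes) is assumed from the fields the posted script reads; the function names and sample lines are constructed.

```shell
#!/bin/sh
# Assumed input layout, inferred from the fields the posted script reads:
#   <src-net> <dst-net> <packets> <bytes>

# sum_net NET: total packets and bytes for lines where NET is the source or
# the destination. printf "%.0f" keeps every digit; plain print can switch to
# %.6g notation for large totals, as the session's 2.56788e+09 shows.
sum_net() {
    awk -v net="$1" '
        ($1 == net) || ($2 == net) { pkts += $3; bytes += $4 }
        END { printf "%.0f %.0f\n", pkts, bytes }
    '
}

# gap FULL PART1 PART2: FULL - (PART1 + PART2); 0 means the periods reconcile.
gap() {
    awk -v full="$1" -v a="$2" -v b="$3" \
        'BEGIN { printf "%.0f\n", full - (a + b) }'
}

# Constructed sample lines (not real artsnets output).
sample_lines() {
    cat <<'EOF'
192.168.1.0/26 10.0.0.0/8 1000 1500000000
10.0.0.0/8 192.168.1.0/26 2000 1067880123
172.16.0.0/12 10.0.0.0/8 5 999
EOF
}

# Totals for the constructed sample, printed without exponent notation.
sample_lines | sum_net 192.168.1.0/26

# Packet totals taken from the session in the post:
# the 12-hour run versus the two 6-hour runs.
gap 21939525 10268309 11487391
```

With exact byte totals from all three runs, the same `gap` call gives the byte discrepancy, which the rounded 2.56788e+09 cannot.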