Hey CS Lee,

Well lots of things in your email.

All the ra* programs use the same code to attach and read data, so

it is unlikely that there is a problem specific to a given ra* program

when it relates to attaching to remote argi sources.

Try compiling with debug support and running with something like "-D5".

That should tell you enough, I suspect, to see what is going on.

The polling is to see if the remote source is there and running, but

we turned printing management records off by default, so you may need

to turn on the "RA_PRINT_MAN_RECORDS" for the polling to appear to

work ?

As to ratop(), I need a bit more detail than you have provided to understand

what could be the problem.  There are a lot of potential gotchas with curses

based programs on many platforms, so I'll need stuff like the output of the

./configure run, to see what curses did it find, etc....

Hope all is most excellent,

Carter

On Jun 2, 2008, at 11:47 AM, CS Lee wrote:

hi all,

Been a while since I was active here ... hopefully everyone is doing well ;]

I'm using argus 3 release now.

One question, can anyone connect to argus probe in real time using argus client tools except ra. For example -

argus -B 127.0.0.1 -P 561 -i eth1

ra -S 127.0.0.1:561

The ra has no problem, but when I use racluster or other client tools, it seems no output is printed in stdout once it is connected to the argus.

On the other hand, I try the -M poll, it doesn't seem that the client is attaching to the server and exit immediately.

And when i use ratop on freebsd 7, no problem when attaching to the argus probe, but this is not the case on ubuntu gutsy.

Thanks.

--
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com

Hi Carter,

Thanks for your clue about the configure output for ratop question, it seems that ncurses.h is not there and I need to do

sudo apt-get install libncurses5-dev

And ratop works on Ubuntu now. Thanks for the clue.

The -M poll works now with RA_PRINT_MAN_RECORDS=yes in .rarc, but this config variable is not mentioned in the rarc man page.

I have compiled them with debug now, and will see how it goes.

Thanks.

On Tue, Jun 3, 2008 at 1:21 AM, Carter Bullard <carter <at> qosient.com> wrote:

Hey CS Lee,

Well lots of things in your email.

All the ra* programs use the same code to attach and read data, so

it is unlikely that there is a problem specific to a given ra* program

when it relates to attaching to remote argi sources.

Try compiling with debug support and running with something like "-D5".

That should tell you enough, I suspect, to see what is going on.

The polling is to see if the remote source is there and running, but

we turned printing management records off by default, so you may need

to turn on the "RA_PRINT_MAN_RECORDS" for the polling to appear to

work ?

As to ratop(), I need a bit more detail than you have provided to understand

what could be the problem.  There are a lot of potential gotchas with curses

based programs on many platforms, so I'll need stuff like the output of the

./configure run, to see what curses did it find, etc....

Hope all is most excellent,

Carter

On Jun 2, 2008, at 11:47 AM, CS Lee wrote:

hi all,

Been a while since I was active here ... hopefully everyone is doing well ;]

I'm using argus 3 release now.

One question, can anyone connect to argus probe in real time using argus client tools except ra. For example -

argus -B 127.0.0.1 -P 561 -i eth1

ra -S 127.0.0.1:561

The ra has no problem, but when I use racluster or other client tools, it seems no output is printed in stdout once it is connected to the argus.

On the other hand, I try the -M poll, it doesn't seem that the client is attaching to the server and exit immediately.

And when i use ratop on freebsd 7, no problem when attaching to the argus probe, but this is not the case on ubuntu gutsy.

Thanks.

--
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com

--
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com

Hey CS Lee,

I'm glad it cleared up so simply.

Yes there were a few things that we crammed into 3.0.0 before I

froze it, and one of those was to turn off printing Man records by

default.   I kinda liked them myself, but some others found them

distracting.

OK, well I've been busy on real work, but I've had a chance to

get some stuff done on the new argus home web page, so,

hopefully we'll have that done in a few weeks and then I'll

announce argus-3.0.0.

If you find anything else, be sure and send email, so we'll

get it into the archive, and I can address it in argus-3.0.1 when

it cranks up next month.

Hope all is most excellent,

Carter

On Jun 2, 2008, at 2:53 PM, CS Lee wrote:

hi carter,

After debugging is on, I have already figured out my problem using racluster. If I need racluster to report the flow record every 60 seconds, I need to specify status=60 or else racluster won't report them in stdout. That's the reason why I can see ra flows all the time but not racluster.

Thanks!

Sorry for the hassle, your clue is helpeful to me.

On the side note, there's one line in radium man page which need to be corrected -

radium -C -S host1 -S host2 -de `hostname` -P 562

No more -C -S, just -C for cisco netflow.

Cheers ;]

On Mon, Jun 2, 2008 at 6:20 PM, CS Lee <geek00l <at> gmail.com> wrote:

Hi Carter,

Thanks for your clue about the configure output for ratop question, it seems that ncurses.h is not there and I need to do

sudo apt-get install libncurses5-dev

And ratop works on Ubuntu now. Thanks for the clue.

The -M poll works now with RA_PRINT_MAN_RECORDS=yes in .rarc, but this config variable is not mentioned in the rarc man page.

I have compiled them with debug now, and will see how it goes.

Thanks.

On Tue, Jun 3, 2008 at 1:21 AM, Carter Bullard <carter <at> qosient.com> wrote:

Hey CS Lee,

Well lots of things in your email.

All the ra* programs use the same code to attach and read data, so

it is unlikely that there is a problem specific to a given ra* program

when it relates to attaching to remote argi sources.

Try compiling with debug support and running with something like "-D5".

That should tell you enough, I suspect, to see what is going on.

The polling is to see if the remote source is there and running, but

we turned printing management records off by default, so you may need

to turn on the "RA_PRINT_MAN_RECORDS" for the polling to appear to

work ?

As to ratop(), I need a bit more detail than you have provided to understand

what could be the problem.  There are a lot of potential gotchas with curses

based programs on many platforms, so I'll need stuff like the output of the

./configure run, to see what curses did it find, etc....

Hope all is most excellent,

Carter

On Jun 2, 2008, at 11:47 AM, CS Lee wrote:

hi all,

Been a while since I was active here ... hopefully everyone is doing well ;]

I'm using argus 3 release now.

One question, can anyone connect to argus probe in real time using argus client tools except ra. For example -

argus -B 127.0.0.1 -P 561 -i eth1

ra -S 127.0.0.1:561

The ra has no problem, but when I use racluster or other client tools, it seems no output is printed in stdout once it is connected to the argus.

On the other hand, I try the -M poll, it doesn't seem that the client is attaching to the server and exit immediately.

And when i use ratop on freebsd 7, no problem when attaching to the argus probe, but this is not the case on ubuntu gutsy.

Thanks.

--
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com

--
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com

--
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com

Hey CS Lee,

ratemplate.c is there so you can create your own ra* programs.

You modify the Makefile.in in the ./clients directory, by copying

the ratemplate entry, (changing it to be the name of your program),

and then copy the ratemplate.c to your program.c, ./configure;make,

and you should have a template for making your own argus client.

Carter

On Jun 4, 2008, at 2:39 AM, CS Lee wrote:

hi carter,

What's the actual use of ratemplate? I haven't seen any discussion about it though.

Thanks.

--
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com