Home > Uncategorized > Quick thread: argus measuring load (bytes/sec)

Quick thread: argus measuring load (bytes/sec)

Thread

Hey Jean-marc,
Load is bits / sec, so its ((sbytes * 8) / dur) or ((dbytes * 8)  / dur) or ((bytes * 8) / dur) for sload, dload and
load respectively.
When a status record only has one (1) packet, there won't  be a duration, so the load is zero, but when you
aggregate the records, then presumably you'll get durations.

To validate the values, print out the sbytes, dbytes, and dur, when you print the aggregated values and
compare that with the sload and dload values.
Rate is basically packets / sec, and the same principles apply.

You can run rabins() with some of the parameters you're passing to see what the values should / could be:
   rabins -s stime proto dport dur sbytes sload dbytes dload -m proto dport -M 1s -r files....  - filter

If you want to see where the graph has zero, add " -M zero " so that rabins will generate data when there are no flows.
Hope this helps !!!!

Carter
Advertisements
Tags:
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: