RE: The double-counting saga

So are you getting two duplicate records or are you getting
records with 2x counts?  The duplicate records are easy
to remove, we could write a simple client to
adjust the counts and bytes.

Carter

> -----Original Message-----
> From: owner-argus-info <at> lists.andrew.cmu.edu 
> [mailto:owner-argus-info <at> lists.andrew.cmu.edu] On Behalf Of 
> Andrew Pollock
> Sent: Monday, March 31, 2003 11:45 PM
> To: argus-info <at> lists.andrew.cmu.edu
> Subject: The double-counting saga
> 
> 
> Sigh.
> 
> We have gotten to the bottom of the problem, it would seem.
> 
> The problem would appear to be specific to Debian's Argus 
> implementation
> (predating my maintenance of the packages) whereby the 
> /etc/init.d/argus
> script is invoking Argus with a -F /etc/argus.conf, but Argus is also
> compiled with /etc/argus.conf as it's config file, so it's essentially
> reading the configuration twice, once implicitly and once explicitly,
> hence it opens the specified interface twice, and counts 
> everything twice.
> 
> Is there an easy way to remove duplicates from existing Argus logs?
> 
> Andrew
>