Argus 2.0 wishes
Russell Fulton
r.fulton at auckland.ac.nz
Tue Mar 14 18:49:09 EST 2000
More wishes ;-)
I would like to see an argus configuration file in which one can specify
things like timestamp formats (I have patched ra to print dates in a
non-ambiguous format). It would also be useful to allow one to set
default flags for clients and even, possibly, default output (in a
string like strftime). This would be really useful where one is feeding
ra output to a perl script e.g. you specify just the data you want and
have the fields separated by tabs -- "%T\t%F\t%P\t%S\%s\..."
%T -- timestamp
%F -- flags
%P -- Protocol
%S -- source IP
%s -- source port
etc.
in perl:
    while (<RA>) {
        chomp;    # drop the newline so it does not stick to the last field
        my ($time, $f, $p, $src, $srcp, @rest) = split("\t", $_);    # @rest: any further fields
    }
At the moment I use unpack to split up the record but occasionally
fields overflow and then unpack returns garbage for some fields. split
should be faster than unpack too.
I'd be happy to contribute code to parse the config file -- I have done
something similar for the netramet project. (No it isn't in the
current release).
Cheers, Russell.
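
The unpack overflow problem described in the message above, reproduced as an added example that is not part of the original post or of the argus code. The records, the fixed column widths and the `mismatches` helper are constructed for illustration and are not ra's actual output layout.

```perl
use strict;
use warnings;

# Constructed sample records (not real ra output):
# timestamp, flags, protocol, source IP, source port.
my @records = (
    [ '2000-03-14 18:49:09', 'M',    'tcp', '192.0.2.10',   '1025' ],
    [ '2000-03-14 18:49:11', 'MFR*', 'tcp', '198.51.100.7', '80'   ],  # flags overflow a 2-char column
    [ '2000-03-14 18:49:12', '',     'udp', '192.0.2.200',  ''     ],  # empty flags and port
);

# Assumed fixed-width layout: each column is followed by one space.
my $print_fmt  = '%-19s %-2s %-4s %-15s %-5s';   # sprintf pads but never truncates
my $unpack_tpl = 'A20 A3 A5 A16 A5';             # fixed-width template for the same layout

# Count fields that differ from the original record after parsing.
sub mismatches {
    my ($orig, @got) = @_;
    return scalar grep { ($got[$_] // '') ne $orig->[$_] } 0 .. $#$orig;
}

for my $rec (@records) {
    # Fixed-width path: one oversized field shifts every later column.
    my @fixed = unpack $unpack_tpl, sprintf($print_fmt, @$rec);

    # Delimited path: limit -1 keeps trailing empty fields,
    # which plain split would silently drop.
    my @tabbed = split /\t/, join("\t", @$rec), -1;

    printf "flags=%-7s unpack: %d wrong field(s)   split: %d wrong field(s)\n",
        "'$rec->[1]'", mismatches($rec, @fixed), mismatches($rec, @tabbed);
}
```

A consumer that feeds these fields into alerting or accounting should also check the field count after the split and reject short records rather than process shifted values.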