Argus 2.0 wishes

Carter Bullard cbullard at nortelnetworks.com
Thu Mar 16 09:13:59 EST 2000


Hey Russell,
   For Argus clients, we already have a configuration
file, of sorts, to support long filter definitions.
Do we want to just extend that with additional
configuration data?

   I really like the idea.  I'll try to come up with
the set of data primitives that we can generate, and
let's see what we have after that.  I'll try to have
it by next week.

Carter

> -----Original Message-----
> From: Russell Fulton [mailto:r.fulton at auckland.ac.nz]
> Sent: Tuesday, March 14, 2000 6:49 PM
> To: argus at lists.andrew.cmu.edu
> Subject: Re: Argus 2.0 wishes
> 
> 
> More wishes ;-)
> 
> I would like to see an argus configuration file in which one can specify
> things like timestamp formats (I have patched ra to print dates in a
> non-ambiguous format).  It would also be useful to allow one to set
> default flags for clients and even, possibly, default output (in a
> string like strftime). This would be really useful where one is feeding
> ra output to a perl script, e.g. you specify just the data you want and
> have the fields separated by tabs -- "%T\t%F\t%P\t%S\%s\..."
> 
> %T -- timestamp 
> %F -- flags
> %P -- Protocol
> %S -- source IP
> %s -- source port
> 
> etc.
> 
> in perl:
> 
> while (<RA>) {
>    my ($time, $f, $p, $src, $srcp ... ) = split("\t", $_);
> 
> }
> 
> At the moment I use unpack to split up the record but occasionally
> fields overflow and then unpack returns garbage for some fields. split
> should be faster than unpack too.
>
> I'd be happy to contribute code to parse the config file -- I have done
> something similar for the netramet project.  (No it isn't in the
> current release).
> 
> Cheers, Russell.
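The parsing problem discussed in this thread, as an added example that is not part of the original messages or of the Argus code: one record rendered in fixed-width columns and read back with unpack, next to the same record rendered from the proposed format string and read back with split. The %T/%F/%P/%S/%s specifiers are the proposal from the quoted message, not an existing ra option; the column widths, the sample flows and the helpers `render_format` and `render_fixed` are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added illustration. Specifiers follow the proposal in the thread; the column
# widths, sample flows and helper names are constructed, not taken from ra.
use strict;
use warnings;

my %spec   = (T => 'time', F => 'flags', P => 'proto', S => 'src', s => 'sport');
my @order  = qw(time flags proto src sport);
my @widths = (17, 4, 5, 15, 6);                 # hypothetical column widths

my @flows = (                                   # constructed sample flows
    { time => '2000-03-14 18:49', flags => 'F', proto => 'tcp',
      src  => '192.0.2.10', sport => '1025' },
    { time => '2000-03-14 18:50', flags => '',  proto => 'ipv6-icmp',
      src  => '192.0.2.77', sport => '' },      # proto is wider than its column
);

# Expand a strftime-like format: literal "\t" becomes a tab, %X becomes a field.
sub render_format {
    my ($fmt, $flow) = @_;
    $fmt =~ s/\\t/\t/g;
    $fmt =~ s{%(\w)}{
        exists $spec{$1} or die "unknown specifier %$1\n";
        (my $v = $flow->{ $spec{$1} }) =~ tr/\t\r\n/ /;  # no separators inside a field
        $v;
    }ge;
    return $fmt;
}

# Fixed-width rendering: "%-*s" pads a short value but never truncates a long
# one, so an oversized field shifts every column after it.
sub render_fixed {
    my ($flow) = @_;
    return join '', map { sprintf '%-*s', $widths[$_], $flow->{ $order[$_] } }
                    0 .. $#order;
}

my $template = join ' ', map { "A$_" } @widths;  # "A17 A4 A5 A15 A6"

for my $flow (@flows) {
    my @fixed = unpack $template, render_fixed($flow);
    # Limit -1 keeps trailing empty fields, which split drops by default.
    my @tabs  = split /\t/, render_format('%T\t%F\t%P\t%S\t%s', $flow), -1;
    printf "unpack: %s\nsplit:  %s\n\n", join('|', @fixed), join('|', @tabs);
}
```

For the second flow the unpack line shows the protocol cut short and its remainder merged into the source address, while the split line keeps all five fields, including the empty flags and port.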