Multi file processing by clients

Peter Van Epp vanepp at sfu.ca
Fri Sep 8 10:32:35 EDT 2000 

> 
> Gentle people,
>    So I'd like to get an opinion about how to support
> multifile reads for argus clients.  This problem arises
> because of our switch strategy, part of which we borrowed
> from tcpdump(),  -r for file, -S for socket and if neither,
> read from stdin.
> 
> An ideal way of dealing with multiple input files would
> be to use the shell expansion. An example would be:
> 
>    ra -ncr *.gz

	For maximum flexability I'd rather see the capability to read the
argus files from a file. That way I can tailor (not that I necessarily know
why I might want to :-)) the exact set of files that are being read. For
example in this one that processes the entire months worth of log files:

dmz.argus.2000_08_01_00_00.gz
dmz.argus.2000_08_01_06_30.gz
dmz.argus.2000_08_02_00_00.gz
dmz.argus.2000_08_02_06_30.gz
dmz.argus.2000_08_03_00_00.gz
dmz.argus.2000_08_03_06_30.gz
dmz.argus.2000_08_04_00_00.gz
dmz.argus.2000_08_04_06_30.gz
...

Could be replaced by this one which only does the segments between 6:30 and
midnight if there was a reason I wanted too. Shell expansion would get the 
list above (an ls is how I created the file in the first place) but couldn't
generate the one below unless I moved files around. The down side is (although
I think its a minor one) unless we also allow command line expansion as we 
do now with multiple -r commands you need to create a file of files to do more
than one. I'd suggest the current multiple -r syntax with a command line 
switch (is -f used? probably ...) that will switch the current internal -r 
loop from reading argv to reading from a file which would give us the best
of both worlds at relatively little work. What do other folks think?

dmz.argus.2000_08_01_06_30.gz
dmz.argus.2000_08_02_06_30.gz
dmz.argus.2000_08_03_06_30.gz
dmz.argus.2000_08_04_06_30.gz
...

	As to the quietness of the list, start of semester has hit here and 
I've been swamped. I haven't managed to load the latest tar file yet, hopefully
this weekend (I'm typing this while I'm first in before the crisis have found
me yet :-) ).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

More information about the argus mailing list