ragator config problems

Carter Bullard carter at qosient.com
Thu May 24 09:46:26 EDT 2001 

Hey Russell,
   Sorry for the delay, I was away on vacation.
The only problem I could find was when I cut/copied/pasted
your ocnfig directly out of the mail.  This had line breaks
due to wrap, and broke in the middle of the first line
comment.  My ragator() saw "DstPort  ModelList Duration"
as a real config line, which is a problem.

   When I removed the line breaks, so that there were only 6
lines in the file , 2 comments, 1 "Flow" descriptor, 1 "Model"
descriptor, and 2 blank lines, everything did fine.

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter at qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com 


-----Original Message-----
From: owner-argus-info at lists.andrew.cmu.edu
[mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Russell
Fulton
Sent: Sunday, May 20, 2001 9:38 PM
To: argus-info at lists.andrew.cmu.edu
Subject: ragator config problems


I orginally sent this a few days ago but mangled the list address and 
failed to see the bounce message. Before I realised this I went to 
check the archives at The Theory Group to see if there were any 
responses (Carter is so good at responding I figured that something 
must have gone wrong when I did not get any response) and found that 
the archive does not appear to have been updated since March.

Anyway here is the orginal message...

Any idea what is wrong with this ragator config file ?:

#label   id    SrcCIDRAddr        DstCIDRAddr         Proto  SrcPort  
DstPort   ModelList  Duration
Flow     100   130.216.0.0:16           *             tcp      *       
www        210        10000000

# label  id      SrcAddrMask     DstAddrMask      Proto  SrcPort  
DstPort

Model    210   255.255.0.0  255.255.255.255    yes      no      yes

bash-2.04$ bin/ra -w - -r data/current - src net 130.216 and dst port 
80 | bin/ragator -F test-gator 
ragator[83951]: ArgusParseResourceFile (test-gator) syntax error line 2

I hate yacc based parsers that simply print "syntax error"  ;-)

What I am trying to do is aggregate all traffic for each web server 
that our users talk to.  (our management are convinced that our users 
spend all their time at porn sites, I have to refute this idiocy, 
sigh...)


Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

More information about the argus mailing list