playing with rastrip
Russell Fulton
r.fulton at auckland.ac.nz
Tue Nov 5 16:30:50 EST 2002
Hi All,

Finally getting to have a play with the new clients. I have
been playing with rastrip and working out just what is included by
default. rastrip.out.gz is the output from rastrip run without any
flags. When I run ra on this file with -Zb (print TCP flags) it works
fine but with nothing in the status field for TCP sessions (that's fine);
when I use -zb (print TCP states) I get:

rful011@ruru:/home/argus$ bin/ra -AIncr rastrip.out.gz -zb
(000) ret #96

I don't think this is what was intended ;-)

BTW rastrip reduced the size of the compressed argus output by around
45% and seems to have all the stuff I really want for long term
archiving.
Thanks Carter!!!
--
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand
"It aint necessarily so" - Gershwin