Problem with -d option
Carter Bullard
carter at qosient.com
Wed Apr 23 08:38:34 EDT 2003
Hey Andrew,
In the argus-clients package you need to specify
that you want to print the user data fields using
the -s option. The -d option modifies the default
number of user bytes to print, which is 32 bytes.
To print 256 bytes of just the user fields:
ra -s user -r argus-eth0.log.1.gz -d 256 - port 80
to print 256 bytes of the user fields appended to
the end of the standard output:
ra -s+user -r argus-eth0.log.1.gz -d 256 - port 80
Carter
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of
> Andrew Pollock
> Sent: Wednesday, April 23, 2003 8:20 AM
> To: argus-info at lists.andrew.cmu.edu
> Subject: Problem with -d option
>
>
> Hi Carter,
>
> With my Debian Argus package maintainer hat on, I've got a user who's
> having issues with the -d option in the ra utility from the
> 2.0.6.beta.39
> release, he's doing this:
>
> ra -r argus-eth0.log.1.gz -d 256 - port 80
>
> and it's acting as if the -d option wasn't supplied, but if
> he downgrades
> to some ancient 2.0.2.alpha.9 version that he had previously, it does
> work.
>
> I haven't tried to reproduce the problem because I'm not
> capturing any of
> the data in packets with Argus.
>
> Andrew
>
More information about the argus
mailing list