packet data capture in argus-clients.b37
Mark Poepping
poepping at cmu.edu
Thu Jan 2 18:44:59 EST 2003
The options have changed in the newer clients (I forget offhand which version
changed them - b22 perhaps?). Anyway, now there are a bunch of "-s" options
for ordering printed fields. They are all documented in the new manpages, but
you'll need to change your scripts (or alias the options you want). All in
all, the new options are *much* more powerful and useful, but the change is a
bit confusing if you didn't get round to reading the 'ChangeLog' (to know what
manpages to diff:-)..
Mark.
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu [mailto:owner-argus-
> info at lists.andrew.cmu.edu] On Behalf Of David Ressman
> Sent: Thursday, January 02, 2003 4:28 PM
> To: argus-info at lists.andrew.cmu.edu
> Subject: packet data capture in argus-clients.b37
>
> Hi all,
>
> I've been playing around with the argus-tools beta 37 package, and
> everything appears to work well, except for one thing. For some reason,
> it seems to be ignoring the user data capture fields when I ask it
> to print them out with the "-d" option.
>
> We make extensive use of this option in our production environment (an
> argus-2.0.6b5 server feeding to an argus-2.0.6b1 client).
>
> I installed the argus-clients package because there was lots of nifty
> stuff in it that I wanted to try out, but when I tried to use the b37
> ra client to read out an argus file written with the 2.0.6b1 client
> (captured by the 2.0.6b5 server) with "ra -nr /some/argus.file -d 64",
> I got all of the flow data, but the user data stuff just wasn't in the
> output.
>
> I tried using the b37 ra client to capture flow data from the 2.0.6b5
> server, and that worked fine, but I still couldn't access any of the
> user data. I know that the user data was definitely in the files
> because I could read it with the 2.0.6b1 client. I just can't get
> the b37 client to see the data.
>
> Does anyone have any ideas as to what's happening?
>
> Thanks,
>
> David
>
> --
> David Ressman davidr at uchicago.edu
> Network Security Center, The University of Chicago
> PGP: http://security.uchicago.edu/centerinfo/pgpkeys.shtml