[ARGUS] .rarc changes from 2.0.5 -> 2.0.6
Nick
ngiordano at mitre.org
Fri Jul 30 15:53:39 EDT 2004
We're there changes to .rarc file configurations between versions 2.0.5
and 2.0.6? I am running both versions and my config from 2.0.5 fails in
2.0.6. Are the differences documented anywhere?
I am trying to use:
RA_PRINT_COUNTS=yes
RA_PRINT_UNIX_TIME=yes
RA_FIELD_DELIMITER=','
RA_PRINT_DURATION=no
and it fails on the first and forth lines (but they work fine in
2.0.5). Also, in 2.0.5 when I use ra -nn -r <data> I get a numerical
representation (ie 1,6 and 17) of the protocol, in 2.0.6 I get
icmp,tcp,udp ... Is there a way to force ra to give me the number?
Thanks,
Nick
More information about the argus
mailing list