[ARGUS] .rarc changes from 2.0.5 -> 2.0.6
Peter Van Epp
vanepp at sfu.ca
Fri Jul 30 17:09:08 EDT 2004
Yes, things changed. It's documented (but not the changes) in the
rarc man page. The RA_PRINT_COUNTS is now part of RA_FIELD_SPECIFIER (and
I think on by default so you can just drop that one.) To get numeric
everything you need a patch, it has actually changed to -nnn for that
functionality in 2.0.6, and I didn't allow for that in the current patch that
I did to allow numeric port numbers so I need to adjust that a bit, I'll do
that and post the patch (by default you can only set -n from the rarc file).
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
On Fri, Jul 30, 2004 at 02:53:39PM -0500, Nick wrote:
> Were there changes to .rarc file configurations between versions 2.0.5
> and 2.0.6? I am running both versions and my config from 2.0.5 fails in
> 2.0.6. Are the differences documented anywhere?
>
> I am trying to use:
>
> RA_PRINT_COUNTS=yes
> RA_PRINT_UNIX_TIME=yes
> RA_FIELD_DELIMITER=','
> RA_PRINT_DURATION=no
>
> and it fails on the first and fourth lines (but they work fine in
> 2.0.5). Also, in 2.0.5 when I use ra -nn -r <data> I get a numerical
> representation (i.e. 1,6 and 17) of the protocol, in 2.0.6 I get
> icmp,tcp,udp ... Is there a way to force ra to give me the number?
>
> Thanks,
>
> Nick
>