[ARGUS] .rarc changes from 2.0.5 -> 2.0.6

Peter Van Epp vanepp at sfu.ca
Fri Jul 30 17:54:50 EDT 2004


	A couple of other points I missed last time. I see you have already
dodged the \t as separator bug (\t drops fields in the output). The other one
of note is that ra in command line mode displays a port number of 65535 and
it becomes a blank when you use a config file (Carter is going to make it
consistent in the next fix go around).
	Now to new things. With this patch you have 4 choices for 
RA_PRINT_HOSTNAMES: all, port, protocol, none, as in

RA_PRINT_HOSTNAMES=none

which is the one you want which doesn't translate anything. Protocol translates
protocol but not ports or ip, port adds translation of ports and all does 
all the translations. This diff is against argus-clients-2.0.6.fixes.1
from the /dev directory:

*** common/argus_parse.c.orig	Sat Dec  6 09:42:13 2003
--- common/argus_parse.c	Fri Jul 30 14:41:38 2004
***************
*** 3995,4004 ****
                                break;
   
                             case RA_PRINT_HOSTNAMES:
!                               if (!(strncasecmp(optarg, "yes", 3)))
                                   nflag = 0;
!                               else
!                                  nflag = 1;
                                break;
  
                             case RA_PRINT_LOCALONLY:
--- 3995,4008 ----
                                break;
   
                             case RA_PRINT_HOSTNAMES:
!                               if (!(strncasecmp(optarg, "all", 3))) 
                                   nflag = 0;
!                               else if (!(strncasecmp(optarg, "port", 4)))
!                                     nflag = 1;
!                               else if (!(strncasecmp(optarg, "protocol", 8)))
! 				    nflag = 2;
! 			      else  /* assume the value was "none" */
! 				    nflag = 3;
                                break;
  
                             case RA_PRINT_LOCALONLY:
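
Review bot: The final `else` in the new RA_PRINT_HOSTNAMES case sets `nflag = 3` for every value that is not "all", "port" or "protocol", so an existing .rarc with RA_PRINT_HOSTNAMES=yes (which the old code mapped to `nflag = 0`) now silently ends up in the same state as "none", and so does any typo. Compare against "none" explicitly, and either keep "yes" and "no" as aliases or report unrecognized values instead of guessing. The `strncasecmp` length arguments also make these prefix matches, so strings such as "portal" or "allow" are accepted; `strcasecmp` would reject them. The added lines mix tabs and spaces for indentation and should follow the surrounding style.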


On Fri, Jul 30, 2004 at 02:53:39PM -0500, Nick wrote:
> Were there changes to .rarc file configurations between versions 2.0.5 
> and 2.0.6?  I am running both versions and my config from 2.0.5 fails in 
> 2.0.6.  Are the differences documented anywhere?
> 
> I am trying to use:
> 
> RA_PRINT_COUNTS=yes
> RA_PRINT_UNIX_TIME=yes
> RA_FIELD_DELIMITER=','
> RA_PRINT_DURATION=no
> 
> and it fails on the first and fourth lines (but they work fine in 
> 2.0.5).  Also, in 2.0.5 when I use ra -nn -r <data> I get a numerical 
> representation (i.e. 1, 6 and 17) of the protocol, in 2.0.6 I get 
> icmp,tcp,udp ...  Is there a way to force ra to give me the number?
> 
> Thanks,
> 
> Nick
> 


