[ARGUS] apparant bug in 2.0.6 ...
Carter Bullard
carter at qosient.com
Fri Jun 18 14:42:42 EDT 2004
Hey Peter,
So it may be the FIELD_DELIMITER, if you change it to something
like ',' do the ports come back? We do make exception to the 0xffff
in the port field, but it should still print something.
Carter
-----Original Message-----
From: owner-argus-info at lists.andrew.cmu.edu
[mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Peter Van Epp
Sent: Friday, June 18, 2004 2:16 PM
To: argus-info at lists.andrew.cmu.edu
Subject: [ARGUS] apparant bug in 2.0.6 ...
I know you don't want to hear this :-) but it looks like there is a
bug (this is the original release I haven't tried fix.1 yet):
This one is correct I expect:
ra -r archive/2004/06/07/argus.2004.06.07.23.00.00.gz -c -nn host
192.0.0.250
07 Jun 04 23:00:43 f tcp 192.0.0.250.65535 ?>
192.75.245.160.65535 2 0 108 0 TIM
This one has lost the port numbers (because they are all 1s
perhaps?):
%ra -F /data/ra.conf -r archive/2004/06/07/argus.2004.06.07.23.00.00.gz -c
-nn host 192.0.0.250
1086674443.424428 1086674443.511333 f 6 192.0.0.250
?> 192.75.245.160 2 0 108 0 TIM
RA_FIELD_DELIMITER='\t'
RA_PRINT_HOSTNAMES=none
RA_FIELD_SPECIFIER=+1lasttime
RA_PRINT_UNIX_TIME=yes
RA_USEC_PRECISION=6
I tried removing the RA_FIELD_SPECIFIER=+1lasttime but that didn't
help (and thus probably isn't the cause :-)).
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
More information about the argus
mailing list