[ARGUS] apparent bug in 2.0.6 ...
Peter Van Epp
vanepp at sfu.ca
Fri Jun 18 15:04:13 EDT 2004
It doesn't come back, but it does at least have a blank field (I need
to do an od of the tab output to see if it does as well, and perl is eating
the extra tabs by accident):
ra -F /data/ra.conf -r archive/2004/06/07/argus.2004.06.07.23.00.00.gz -c -nn host 192.0.0.250
1086674443.424428,f,6,192.0.0.250,,?>,192.75.245.160,,2,0,108,0,TIM
My problem is the port field isn't being recognized by the perl script
so the counts and flags end up in the wrong place. Looks like it is the tab:
ra -F /data/ra.conf -r archive/2004/06/07/argus.2004.06.07.23.00.00.gz -c -nn host 192.0.0.250 | od -c
0000000 1 0 8 6 6 7 4 4 4 3 . 4 2 4 4 2
0000020 8 \t f \t 6 \t 1 9 2 . 0 . 0 . 2 5
0000040 0 \t ? > \t 1 9 2 . 7 5 . 2 4 5 .
0000060 1 6 0 \t 2 \t 0 \t 1 0 8 \t 0 \t T I
Tab missing at offset 42 and 64; commas are correct (so I can switch
to comma and it should work). It is somewhat odd (but perhaps a feature?) that
the port number changes when the conf file is in use as opposed to the command
line. I do vaguely remember discussion of this point with Russell at some time
in the past as well.
ra -F /data/ra.conf -r archive/2004/06/07/argus.2004.06.07.23.00.00.gz -c -nn host 192.0.0.250 | od -c
0000000 1 0 8 6 6 7 4 4 4 3 . 4 2 4 4 2
0000020 8 , f , 6 , 1 9 2 . 0 . 0 . 2 5
0000040 0 , , ? > , 1 9 2 . 7 5 . 2 4 5
0000060 . 1 6 0 , , 2 , 0 , 1 0 8 , 0 ,
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
On Fri, Jun 18, 2004 at 02:42:42PM -0400, Carter Bullard wrote:
> Hey Peter,
> So it may be the FIELD_DELIMITER, if you change it to something
> like ',' do the ports come back? We do make exception to the 0xffff
> in the port field, but it should still print something.
>
> Carter
>
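
Added example, not part of the original message or of the argus distribution: a Python sketch of the check a consumer of delimited ra output can make so that a record with dropped blank fields is rejected instead of having its counts and flags shifted into the wrong columns. The column names are assumptions inferred from the 13-field comma record above, and the tab record is rebuilt from the od -c dump with its state value taken from the comma record.

```python
# Added example: column names are assumptions inferred from the post's sample record.
FIELDS = ("time", "flags", "proto", "saddr", "sport", "dir", "daddr",
          "dport", "spkts", "dpkts", "sbytes", "dbytes", "state")
INT_FIELDS = ("spkts", "dpkts", "sbytes", "dbytes")

# Constructed from the post: the comma record as printed, and the tab record
# rebuilt from the od -c dump (its state value taken from the comma record).
COMMA_LINE = "1086674443.424428,f,6,192.0.0.250,,?>,192.75.245.160,,2,0,108,0,TIM"
TAB_LINE = "1086674443.424428\tf\t6\t192.0.0.250\t?>\t192.75.245.160\t2\t0\t108\t0\tTIM"


class FieldCountError(ValueError):
    """Raised when a record does not have one value per expected column."""


def naive_parse(line, delim):
    """Map values to columns by position only, with no validation."""
    return dict(zip(FIELDS, line.rstrip("\r\n").split(delim)))


def parse_record(line, delim):
    """Parse one record, rejecting it if any column was dropped."""
    values = line.rstrip("\r\n").split(delim)
    if len(values) != len(FIELDS):
        raise FieldCountError(
            f"expected {len(FIELDS)} fields, got {len(values)}: {line!r}")
    rec = dict(zip(FIELDS, values))
    for key in ("sport", "dport"):
        rec[key] = int(rec[key]) if rec[key] else None  # blank port -> None
    for key in INT_FIELDS:
        rec[key] = int(rec[key])
    return rec


def split_valid(lines, delim):
    """Return (parsed records, rejected raw lines) for a batch of output."""
    good, bad = [], []
    for line in lines:
        try:
            good.append(parse_record(line, delim))
        except ValueError:
            bad.append(line)
    return good, bad


if __name__ == "__main__":
    print(naive_parse(TAB_LINE, "\t"))    # values land in the wrong columns
    print(parse_record(COMMA_LINE, ","))  # blank ports preserved as None
    print(split_valid([TAB_LINE], "\t"))  # short record is rejected
```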