[ARGUS] Argus Data Struct's

Carter Bullard carter at qosient.com
Mon May 3 23:57:10 EDT 2004


Hey Glenn,
   Reading FAR records can be slightly confusing, because there
are 3 versions of records that may need to be parsed.  While the
version 3.x data records are the easiest to read, there are still
some issues in parsing them.  And when you add the fact that
the server may want to encrypt records on the wire, it probably
would be best to use the argus-clients strategy to read records.

   If you want to try to read the FARs yourself, first check out
./include/argus_out.h and ./include/argus_def.h.  These files
define the TLV's that are in the FAR argus record.  Here are some hints.
The initial MAR will be 128 bytes long, regardless of what version
of argus you're dealing with.  The last 2 bytes of the MAR will tell
you the length of the FAR records.  A -1 means that there are variable
length records in the stream.

   For variable length records, you need to read the 16 byte Argus
record header, do a ntohs() on the record length field and then read
that many (bytes - 16) the header length.  This is the total record
length.  The FAR record is a collection of Argus DSR's, which are
TLV's (type/length/value structs).  Most have a FAR struct, but not
all, so you need to parse them out pretty carefully.

   The ./common/argus_parse.c routine does everything, so take
a look at what it's doing, and try to use ./clients/ratemplate.c
to write your own argus client programs.

Hope this helps!!!!

Carter


-----Original Message-----
From: owner-argus-info at lists.andrew.cmu.edu
[mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Glenn MacGregor
Sent: Monday, May 03, 2004 9:01 PM
To: argus-info at lists.andrew.cmu.edu
Subject: [ARGUS] Argus Data Struct's

Hi All,

I am new to argus, great app! I want to write a program which reads in the
argus file and processes the data, builds a nice screen, etc. I am looking at
the code which reads the "argus.out" file, it seems more complicated than
necessary (to me).

I am having a bit of trouble reading the FAR records in. The MAR records seem
to be fine. I first read the header (16 bytes) which has a length, I use that
length - sizeof(header) to get the amount of data to read for the data (body).
This is correct in the case of the MAR record, 112 bytes and
sizeof(argus.argus_mar) is 112 bytes. In the case of the FAR record that I am
dealing with I have a length of 104, that - 16 is 88. The size of the FAR
struct is 72 (88 - 16 again).

Am I missing something simple here? Any input would be great!

  Thanks

    Glenn

Glenn MacGregor
HighStreet Networks
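
The record framing described in the reply above (128-byte MAR, -1 in its last 2 bytes for variable-length streams, 16-byte header with a network-order length), as an added example that is not part of the original thread or the Argus source. It checks every length against the bytes actually received before trusting it. Assumptions: an unencrypted stream, the length field at byte offset 2 of the header (confirm in ./include/argus_out.h), and hypothetical function names.

```c
#include <arpa/inet.h>   /* ntohs, htons */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAR_LEN 128  /* initial MAR size, from the message above */
#define HDR_LEN 16   /* record header size, from the message above */
#define LEN_OFF 2    /* ASSUMPTION: offset of the length field; check argus_out.h */

static uint16_t get_u16(const unsigned char *p) {   /* alignment-safe ntohs */
    uint16_t v;
    memcpy(&v, p, sizeof v);
    return ntohs(v);
}

/* Count the records after the MAR in a variable-length stream and sum their
 * body bytes. Returns -1 if the MAR is short, the stream is not flagged
 * variable-length, or any record length is inconsistent with the data. */
long argus_walk(const unsigned char *buf, size_t n, size_t *body_bytes) {
    size_t off = MAR_LEN;
    long count = 0;
    *body_bytes = 0;
    if (n < MAR_LEN || get_u16(buf + MAR_LEN - 2) != 0xFFFF)
        return -1;                        /* last 2 MAR bytes: -1 = variable */
    while (off < n) {
        if (n - off < HDR_LEN) return -1; /* truncated header */
        size_t len = get_u16(buf + off + LEN_OFF);
        if (len < HDR_LEN) return -1;     /* len - 16 would wrap, or never advance */
        if (len > n - off) return -1;     /* body claims more than was received */
        *body_bytes += len - HDR_LEN;
        off += len;
        count++;
    }
    return count;
}

/* Constructed sample: a 128-byte MAR followed by 104 bytes of record data
 * whose header claims `claimed` bytes (104 is the FAR length quoted above).
 * Returns the body byte count for one well-formed record, else -1. */
long argus_demo(uint16_t claimed) {
    unsigned char s[MAR_LEN + 104] = {0};
    size_t body;
    uint16_t be = htons(claimed);
    memset(s + MAR_LEN - 2, 0xFF, 2);
    memcpy(s + MAR_LEN + LEN_OFF, &be, sizeof be);
    return argus_walk(s, sizeof s, &body) == 1 ? (long)body : -1;
}

int main(void) {
    printf("%ld %ld %ld\n", argus_demo(104), argus_demo(8), argus_demo(200));
    return 0;
}
```

The body bytes returned for each record are the DSR TLVs, whose layouts are defined in ./include/argus_out.h and ./include/argus_def.h.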
