[ARGUS] argus-2.0.6 released!!!
Peter Van Epp
vanepp at sfu.ca
Thu May 6 17:35:04 EDT 2004
On Thu, May 06, 2004 at 01:06:32AM -0400, Carter Bullard wrote:
> I suspect that the FIELDS string just wants the entire list, rather
> than relative additions or deletions, but that's just a tired guess.
> I'll check it out tomorrow.
>
> Carter
>
It is actually perfectly happy with relative statements (as I expected
it uses the same code as the command line version) it just wanted the correct
field name: RA_FIELD_SPECIFIER=+2lasttime
On the way by I discovered that both RA_FIELD_SPECIFIER='+2lasttime''
and RA_FIELD_SPECIFIER='+2lasttime' aren't complained about but do cause
blank output which may be a bug.
Then I discovered that -nn to suppress the destination port translation
is indeed only available on the command line so I added a new field called
RA_PRINT_DST_PORT_NO=yes
into argus_parse.c. Setting this to yes suppresses the dst port number to
service translation leaving the port number numeric as -nn on the command line
does. You may wish to change that some, since it currently would (by setting
the value to 2 as the command line does) include RA_PRINT_HOSTNAMES whether it
was set or not (but because it only changes nflag if it is "yes" won't affect
normal operation). This is identical to what the command line does though so
it may only be a documentation point in the rarc man page of the nature
"setting this to yes also sets RA_PRINT_HOSTNAMES=no". There is also a
possible order bug there, because if RA_PRINT_HOSTNAMES were set after
RA_PRINT_DST_PORT_NO the RA_PRINT_DST_PORT_NO change would be lost so if
nflag is already 2 when RA_PRINT_HOSTNAMES executes the value is left at 2
to avoid this problem.
With that change I think I'm back to where I was on the rc2 version
of ra.
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
*** common/argus_parse.c.orig Thu May 6 13:43:22 2004
--- common/argus_parse.c Thu May 6 14:33:47 2004
***************
*** 3761,3767 ****
}
! #define ARGUS_RCITEMS 37
#define RA_ARGUS_SERVER 0
#define RA_CISCONETFLOW_PORT 1
--- 3761,3767 ----
}
! #define ARGUS_RCITEMS 38
#define RA_ARGUS_SERVER 0
#define RA_CISCONETFLOW_PORT 1
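Review bot: ARGUS_RCITEMS is a hand-maintained count, so the bump to 38 is only correct as long as the new index define (37) and the new ArgusResourceFileStr entry are added with it. Consider deriving the count from the table, for example sizeof(ArgusResourceFileStr)/sizeof(ArgusResourceFileStr[0]), so that a later addition cannot leave the count and the table out of step.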
***************
*** 3800,3805 ****
--- 3800,3806 ----
#define RA_MIN_SSF 34
#define RA_MAX_SSF 35
#define RA_DATABASE 36
+ #define RA_PRINT_DST_PORT_NO 37
char *ArgusResourceFileStr [] = {
***************
*** 3840,3845 ****
--- 3841,3847 ----
"RA_MIN_SSF=",
"RA_MAX_SSF=",
"RA_DATABASE=",
+ "RA_PRINT_DST_PORT_NO"
};
#include <ctype.h>
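Review bot: the new table entry "RA_PRINT_DST_PORT_NO" is missing the trailing "=" that the neighbouring entries ("RA_MAX_SSF=", "RA_DATABASE=") carry. If the parser skips the table string as a prefix to reach the value, optarg for this item would start at "=" instead of at the value, and the entry would also match any longer key beginning with the same name. Suggest "RA_PRINT_DST_PORT_NO=" with a trailing comma, matching the rest of the table.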
***************
*** 3998,4007 ****
break;
case RA_PRINT_HOSTNAMES:
! if (!(strncasecmp(optarg, "yes", 3)))
! nflag = 0;
! else
! nflag = 1;
break;
case RA_PRINT_LOCALONLY:
--- 4000,4011 ----
break;
case RA_PRINT_HOSTNAMES:
! if (!(strncasecmp(optarg, "yes", 3))) {
! if (nflag != 2)
! nflag = 0;
! } else
! if (nflag != 2)
! nflag = 1;
break;
case RA_PRINT_LOCALONLY:
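Review bot: in the RA_PRINT_HOSTNAMES case the "yes" branch is braced but the else is followed by an unbraced nested if (nflag != 2), which is easy to misread or break in a later edit. Both branches test the same guard, so it can be hoisted into one outer if (nflag != 2) around the original if/else. The value 2 is a magic number here; a short comment that it means RA_PRINT_DST_PORT_NO was already processed would document why it must not be overwritten, and the rarc man page should say that the setting overrides RA_PRINT_HOSTNAMES.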
***************
*** 4153,4158 ****
--- 4157,4167 ----
}
break;
}
+ case RA_PRINT_DST_PORT_NO: {
+ if (strncasecmp(optarg, "yes", 3))
+ nflag = 2;
+ break;
+ }
}
}
found++;
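Review bot: the test in the new RA_PRINT_DST_PORT_NO case is inverted relative to the RA_PRINT_HOSTNAMES case. strncasecmp() returns 0 on a match, so if (strncasecmp(optarg, "yes", 3)) sets nflag = 2 when the value does not begin with "yes", while the description says that "yes" should select numeric ports. Use if (!(strncasecmp(optarg, "yes", 3))) as the RA_PRINT_HOSTNAMES case does, and retest after the table entry has its "=" restored: if optarg currently starts at "=", the inverted test fires for every value and would hide both problems.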