port numbers missing from argus records
Peter Van Epp
vanepp at sfu.ca
Tue Apr 19 22:03:50 EDT 2005
>
> My problem is not that the port number is null; it is missing entirely
> from the delimited output. At the moment I only seem to be dropping
> source ports, so I suppose I could check how many tokens I get from ra
> and set $sport to '' if there are fewer than expected, but what happens if
> it starts dropping dest ports too?
>
> I'll have a poke at the code this afternoon and see if I can figure out
> how ra manages to not output the port number.
>
> Russell
Ah, the previous bug, which begat the one this fix is for. \t is
broken (as I recall the code, \t isn't a valid delimiter; I think it really
wants ctrl-I in there), but by that time I had made this change and didn't
worry about it.

RA_FIELD_DELIMITER=','

This works for me (at which point the port number becomes blank on 65565 port
numbers, and thus the other fix).

Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada