odd ra output with -Zb
Peter Van Epp
vanepp at sfu.ca
Wed Aug 9 17:41:28 EDT 2006
On Thu, Aug 10, 2006 at 09:22:53AM +1200, Russell Fulton wrote:
> HI Carter,
> using argus-clients-3.0.0.rc.23 and running ra with the -Zb (does
> anyone else use this option?) ra appears to display only the source flags.
>
> For these (but not all flows) the output for -Z(b|s|d) appear to be
> identical.
>
> Is this a 'clever' optimization where only one set of flags are
> displayed if the flags are symmetric.
>
> Apart from this and the memory issue with racluster argus 3.0 is running
> well on my busiest sensor.
>
> Cheers, Russell
>
On an quick test some time ago (adding -Zb to both ra2 and ra3 in
the ra_test.pl perl script) 2.0.6 and 3.0 both appeared identical (which isn't
to say right of course) with 2.0.6 input (I haven't even started thinking about
3.0 argus to 3.0 ra yet :-)). That of course may only mean that perl was
truncating them equally too.
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
More information about the argus
mailing list