ra2 to ra3 test perl script and 2.0.6 patches

Peter Van Epp vanepp at sfu.ca
Sat Aug 19 23:00:10 EDT 2006


	Attached to this message is a patch set for 2.0.6.fixes-1 (from 
ftp.qosient.com in /dev/argus-2.0/argus-clients-2.0.6.fixes.1.tar.gz) that
changes various things to match up better with 3.0. You should probably put
it in something other than /usr/local/bin/ra or use a test machine as it is
somewhat butchered as noted :-). 
	The perl script (along with the 2 config files that print out all 
fields of interest) is then run against a 2.0.6 argus file. It runs both
ra from 2.0.6 (/usr/local/bin/ra by default) and ra 3.0 (/usr/local/bin/ra3
by default) and compares and sometimes modifies the output and prints out 
lines that don't match. This allows testing the 3.0 conversion of 2.0.6 records
(which is of interest to those of us with large 2.0.6 data archives). 

The 2.0.6.patches.tar.gz file contains:

../206clients.argus_client.c.dif        ../206clients.argus_util.c.dif
../206clients.argus_filter.c.dif        ../206clients.argus_util.h.dif
../206clients.argus_parse.c.dif         ../206clients.ethernames.h.dif

and the ra that this produces is what the perl script wants to run as 
/usr/local/bin/ra. Then there are the 2 config files and the perl script.
I don't have any mpls data so that would be one good thing to test out for
someone else. There are undoubtedly lots more things too. At present the 
comparisons for direction and state are commented out in the perl script
because they cause too many errors. Instructions are there for enabling them.

It runs like this, where rs178.2.argus is an argus 2.0.6 data file:

./ra_test.pl rs178.2.argus | more
flgs2 = s
flgs32 =

line: 1026 fields in error: flgs,
1151432430.055001,1151433528.697155,1,1098.642154,1098.642154,208.38.3.62,142.58.213.62,esp,0,16248,0,0,52,0,1385072,0,1193096,0,5052,0,10085.70,0.00,4.60,0.00,0.0000,0.0000,3848370891,qs,0:11:88:5:5d:1d,0:10:db:73:dd:51,->,841639.000000,,INT,s[16]="x?`X4........v$.",,,,7469,,,0x0200,,0x5b5f
1151432430.055001,1151433528.697155,1,1098.642154,1098.642212,208.38.3.62,142.58.213.62,esp,,1532968824,0,,52,,1385072,0,1193096,0,5052,0,10085.700,0.000,4.598,0.000,0,0,229.97.122.203, v       ,0:11:88:5:5d:1d,0:10:db:73:dd:51,->,841639.000000,,INT,s[16]="x?`X4........v$.",,,,7469,,,0x0200,,0x5b5f,

...

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ra_test.pl
Type: application/x-perl
Size: 10314 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20060819/28a5e230/attachment.bin>
-------------- next part --------------
RA_FIELD_DELIMITER=','
RA_PRINT_HOSTNAMES=protocol
RA_FIELD_SPECIFIER=time trans dur avgdur saddr daddr proto sport dport stos dtos sttl dttl bytes pkts load srate drate loss srcid ind mac dir sjitter djitter status user win seq mpls vlan ipid 
RA_PRINT_UNIX_TIME=yes
RA_USEC_PRECISION=6
RA_PRINT_LABELS=0
-------------- next part --------------
RA_PRINT_LABELS=0
RA_FIELD_DELIMITER=','
RA_FIELD_SPECIFIER=stime ltime trans dur avgdur saddr daddr proto sport dport stos dtos sttl dttl sbytes dbytes sappbytes dappbytes spkts dpkts srate drate sload dload sloss dloss srcid flgs smac dmac dir sjit djit state suser duser swin dwin seq smpls dmpls svlan dvlan sipid dipid
RA_PRINT_NAMES=proto
RA_TIME_FORMAT="%s"
RA_PRINT_DURATION=no
RA_PRINT_LASTIME=yes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2.0.6.patches.tar.gz
Type: application/x-tar-gz
Size: 11051 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20060819/28a5e230/attachment-0001.bin>
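
Added example, not part of the original message and not the attached ra_test.pl: a Python version of the field-by-field comparison the message describes, run on the two records quoted in it. The normalisation rules (empty equals zero, numbers equal within 0.005, an integer srcid equals its dotted-quad form, padding around flags ignored) and the column order taken from the second config file are assumptions made for this example.

```python
import ipaddress
import re

# Column names: RA_FIELD_SPECIFIER from the second config file in the message.
# Assumption: both quoted records follow this column order.
FIELDS = ("stime ltime trans dur avgdur saddr daddr proto sport dport stos dtos "
          "sttl dttl sbytes dbytes sappbytes dappbytes spkts dpkts srate drate "
          "sload dload sloss dloss srcid flgs smac dmac dir sjit djit state suser "
          "duser swin dwin seq smpls dmpls svlan dvlan sipid dipid").split()

# The two records quoted in the message, with the 80-column wrapping undone.
REC_A = ('1151432430.055001,1151433528.697155,1,1098.642154,1098.642154,208.38.3.62,142.58.213.62,'
         'esp,0,16248,0,0,52,0,1385072,0,1193096,0,5052,0,10085.70,0.00,4.60,0.00,0.0000,0.0000,'
         '3848370891,qs,0:11:88:5:5d:1d,0:10:db:73:dd:51,->,841639.000000,,INT,'
         's[16]="x?`X4........v$.",,,,7469,,,0x0200,,0x5b5f')
REC_B = ('1151432430.055001,1151433528.697155,1,1098.642154,1098.642212,208.38.3.62,142.58.213.62,'
         'esp,,1532968824,0,,52,,1385072,0,1193096,0,5052,0,10085.700,0.000,4.598,0.000,0,0,'
         '229.97.122.203, v       ,0:11:88:5:5d:1d,0:10:db:73:dd:51,->,841639.000000,,INT,'
         's[16]="x?`X4........v$.",,,,7469,,,0x0200,,0x5b5f,')

NUMBER = re.compile(r"\d+(\.\d+)?")

def as_number(text):
    """Empty and plain decimal fields become floats; anything else is not numeric."""
    if text == "":
        return 0.0
    return float(text) if NUMBER.fullmatch(text) else None

def same(name, a, b, tol=0.005):
    """True when a and b differ only in formatting (assumed rules, not ra_test.pl's)."""
    a, b = a.strip(), b.strip()
    if name == "srcid":  # one record prints the source id as an integer, the other dotted
        a, b = (str(ipaddress.IPv4Address(int(x))) if x.isdigit() and int(x) < 2**32 else x
                for x in (a, b))
    na, nb = as_number(a), as_number(b)
    if na is None or nb is None:
        return a == b          # non-numeric fields must match exactly
    return abs(na - nb) <= tol  # numeric fields may differ in printed precision

def fields_in_error(rec_a, rec_b):
    """Return the names of the columns that still differ after normalisation."""
    pad = lambda cols: cols + [""] * (len(FIELDS) - len(cols))  # missing trailing columns are empty
    cols_a, cols_b = pad(rec_a.split(",")), pad(rec_b.split(","))
    return [n for n, a, b in zip(FIELDS, cols_a, cols_b) if not same(n, a, b)]

if __name__ == "__main__":
    print("fields in error:", ", ".join(fields_in_error(REC_A, REC_B)))
```

On the quoted pair this reports dport and flgs, while the run shown in the message reports only flgs, so the rules in ra_test.pl differ from the ones assumed here. Splitting on commas also assumes the user-data column contains none.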