can't get LastTime to print with argus-client
George Nychis
gnychis at cmu.edu
Thu Aug 24 20:32:56 EDT 2006
Hey guys,
I have rc27 of argus and argus-client... I convert a libpcap file to
an argus format file like this:
argus -r my.pcap -w file.argus
Then I specify the settings I want in ~/.rarc:
RA_PRINT_NAMES=proto
RA_PRINT_UNIX_TIME=yes
RA_USEC_PRECISION=0
RA_PRINT_LABELS=0
RA_PRINT_STARTIME=yes
RA_PRINT_LASTIME=yes
Then I convert to text output, but as you can see, LastTime is missing:
lanthanum-ini traces # ra -r file.argus | head -n 2
StartTime Flgs Proto SrcAddr Sport Dir DstAddr Dport SrcPkts DstPkts SrcBytes DstBytes State
1103123480 tcp 128.3.164.249.61096 -> 216.165.104.241.25 1 1 62 54 RST
Everything else is correct though.
Thanks!
George