can't get LastTime to print with argus-client
carter at qosient.com
Thu Aug 24 21:25:53 EDT 2006
Hey George,
You are using the old .rarc.
Get the new format in the clients
./support/Config directory. Most of the RA_PRINT directives are obsolete!!!
Carter
Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax
-----Original Message-----
From: George Nychis <gnychis at cmu.edu>
Date: Thu, 24 Aug 2006 20:32:56
To:Argus <argus-info at lists.andrew.cmu.edu>
Subject: [ARGUS] can't get LastTime to print with argus-client
Hey guys,
I have rc27 of argus and argus-client... I convert a libpcap file to
an argus format file like this:
argus -r my.pcap -w file.argus
Then I specify the settings I want in ~/.rarc:
RA_PRINT_NAMES=proto
RA_PRINT_UNIX_TIME=yes
RA_USEC_PRECISION=0
RA_PRINT_LABELS=0
RA_PRINT_STARTIME=yes
RA_PRINT_LASTIME=yes
Then I convert to text output, but as you can see, LastTime is missing:
lanthanum-ini traces # ra -r file.argus | head -n 2
StartTime Flgs Proto SrcAddr Sport Dir DstAddr Dport SrcPkts DstPkts SrcBytes DstBytes State
1103123480 tcp 128.3.164.249.61096 -> 216.165.104.241.25 1 1 62 54 RST
Everything else is correct though.
Thanks!
George