Dumping user fields with defined byte-sizes (rc4/rc5)
Scott A. McIntyre
scott at xs4all.net
Fri Jun 9 08:20:23 EDT 2006
Hi,

In argus-2, I could:

    ra -s +user -n -d128 -r /var/log/argus/argus.log

To get the first 128 bytes of captured user flow data.

The same does not work in argus-3:

    /usr/local/argus3/bin/ra -n -n -s +user -d128 -r argus.out

(Yes, that argus.out file is version 3)...

That generates the -h output, prefaced by:

    Ra Version 3.0.0.rc.4
    usage: ra
    usage: ra [options] -S remoteServer [- filter-expression]
    usage: ra [options] -r argusDataFile [- filter-expression]

If I add a space after the d:

    /usr/local/argus3/bin/ra -n -n -s +user -d 128 -r argus.out
    ra[9205]: 06-09-06 14:18:57.993138 128 filter syntax error

And if I remove the -d entirely, it works, but only the first 16
bytes are output by default. ra usage implies it should work:

    -d <bytes>   print number of <bytes> from user data
                 capture buffer.
                 format: num | s<num> | d<num> | s<num>:d<num>

Am I missing something new in argus-3?

Thanks,
Scott