ra.1 patch against argus-clients-3.0.0.rc.6.tar.gz
Peter Van Epp
vanepp at sfu.ca
Thu Jun 15 10:53:19 EDT 2006
On Thu, Jun 15, 2006 at 10:25:02AM -0400, Carter Bullard wrote:
> Hey Peter,
> Well, this doesn't have to be the default list. Do you want
> spkts dpkts sbytes dbytes?
>
> Carter
>
>
I don't think it needs to change, just be documented :-). To do what
I need (and I don't really need the packet counts, they were just there from
2.0.6 in the perl script) the -s options work fine. For those using my
traffic scripts this rather ugly change (but I don't see the -s functionality
in the config file yet) will make it work, apparently correctly on light
testing so far, with the ra from 3.0 on 2.0.6 input data:
open (IN, "/usr/local/bin/ra -F ${RACONFPATH}ra3.conf -s +1lasttime -s -pkts -s -bytes -s +9spkts -s +10dpkts -s +11sbytes -s +12dbytes -n -r $filename |")
in both argus_post.pl and argus_summary.pl. It will probably be worthwhile
to dump all the fields in both a 2.0.6 ra and a 3.0 ra and make sure they all
display the same as well. Then it will be time to put a 2.0.6 collector and
a 3.0 collector on my regen taps and compare captured output (and/or do the
same with a tcpdump capture from the backbone which has more weird traffic :-)).
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada