ra.1 patch against argus-clients-3.0.0.rc.6.tar.gz
Carter Bullard
carter at qosient.com
Thu Jun 15 16:42:20 EDT 2006
Oh, the field specifier in the .rarc is RA_FIELD_SPECIFIER, so
put that in your ra3.conf file.
Carter
On Jun 15, 2006, at 10:53 AM, Peter Van Epp wrote:
> On Thu, Jun 15, 2006 at 10:25:02AM -0400, Carter Bullard wrote:
>> Hey Peter,
>> Well, this doesn't have to be the default list. Do you want
>> spkts dpkts sbytes dbytes?
>>
>> Carter
>>
>>
> I don't think it needs to change, just be documented :-). To do what
> I need (and I don't really need the packet counts, they were just
> there from
> 2.0.6 in the perl script) the -s options work fine. For those using my
> traffic scripts this rather ugly change (but I don't see the -s
> functionality
> in the config file yet) will make it work, apparantly correctly on
> light
> testing so far, with the ra from 3.0 on 2.0.6 input data:
>
> open (IN, "/usr/local/bin/ra -F ${RACONFPATH}ra3.conf -s
> +1lasttime -s
> -pkts -s -bytes -s +9spkts -s +10dpkts -s +11sbytes -s +12dbytes -
> n -r $filenam
> e |")
>
> in both argus_post.pl and argus_summary.pl. It will probably be
> worthwhile
> to dump all the fields in both a 2.0.6 ra and a 3.0 ra and make
> sure they all
> display the same as well. Then it will be time to put a 2.0.6
> collector and
> a 3.0 collector on my regen taps and compare captured output (and/
> or do the
> same with a tcpdump capture from the backbone which has more wierd
> traffic :-)).
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
More information about the argus
mailing list