argus-clients-3.0.0.rc.8

Peter Van Epp vanepp at sfu.ca
Mon Jun 19 14:06:48 EDT 2006 

	An earlier version of this got shunted to moderator on size (and thus
may appear later :-)) so I'll split this one up a bit. 3 patches against
Argus-clients-3.0.0.rc.8.tar.gz to fix a print label segfault and print enough
fields so the rc.conf file following it works:

*** common/argus_util.c.orig	Sun Jun 18 10:41:45 2006
--- common/argus_util.c	Sun Jun 18 10:42:42 2006
***************
*** 6992,6998 ****
           break;
  
           default: {
!             char tmpbuf[128], *ptr = tmpbuf, *str = parser->RaLabel, lastchr = ' ';
              bzero (tmpbuf, sizeof(tmpbuf));
              lastchr = parser->RaFieldDelimiter;
              while (*str) {
--- 6992,6998 ----
           break;
  
           default: {
!             char tmpbuf[1024], *ptr = tmpbuf, *str = parser->RaLabel, lastchr = ' ';
              bzero (tmpbuf, sizeof(tmpbuf));
              lastchr = parser->RaFieldDelimiter;
              while (*str) {

*** include/argus_client.h.orig	Mon Jun 19 09:31:15 2006
--- include/argus_client.h	Mon Jun 19 09:54:31 2006
***************
*** 112,118 ****
  
  #define ARGUS_MAX_STREAM		1048576
  
! #define ARGUS_MAX_S_OPTIONS	38
  #define ARGUS_MAX_SORT_ALG	45
  #define MAX_SORT_ALG_TYPES	45
  
--- 112,118 ----
  
  #define ARGUS_MAX_STREAM		1048576
  
! #define ARGUS_MAX_S_OPTIONS	46
  #define ARGUS_MAX_SORT_ALG	45
  #define MAX_SORT_ALG_TYPES	45
 
 
*** include/argus_parser.h.orig	Mon Jun 19 09:31:31 2006
--- include/argus_parser.h	Mon Jun 19 09:56:55 2006
***************
*** 51,57 ****
  #define ARGUS_ENCODE_32          2
  #define ARGUS_HEXDUMP            3
  
! #define ARGUS_MAX_S_OPTIONS      38
  
  #define RA_PRINTPROTO		1
  #define RA_PRINTSRCID		2
--- 51,57 ----
  #define ARGUS_ENCODE_32          2
  #define ARGUS_HEXDUMP            3
  
! #define ARGUS_MAX_S_OPTIONS      46
  
  #define RA_PRINTPROTO		1
  #define RA_PRINTSRCID		2

and the config file:

ra3.conf.full

RA_PRINT_LABELS=0
RA_FIELD_DELIMITER=','
RA_FIELD_SPECIFIER=startime lasttime flgs count trans dur avgdur saddr daddr proto sport dport stos dtos sttl dttl sbytes dbytes bytes spkts dpkts pkts sload dload load sloss dloss loss srate drate rate srcid ind mac dir intpkt dintpkt sjit djit jit status user win seq smpls dmpls vlan ipid vid vpri
RA_PRINT_HOSTNAMES=no
RA_TIME_FORMAT="%s"
RA_PRINT_DURATION=no
RA_PRINT_LASTIME=yes

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

More information about the argus mailing list