argus client default timestamp format

Robin Gruyters r.gruyters at yirdis.nl
Tue Jun 20 03:08:16 EDT 2006 

I can live with that! ;)

Regards,

Robin

Quoting Carter Bullard <carter at qosient.com>:

> Hey Eric,
>     Well, the -t option is already taken ;o).
> So you can do most of these things, but not with the -t[t] style of
> command line.
>
> Do not print a timestamp (assuming that we're talking of default).
>    "-s -startime"
>
> To print unformatted timestamp:
>    "-u"
>
> To print day and month (or any format at all)
>    specify in a .rarc formated file the RA_TIME_FORMAT="string"
>    where string is a strftime() directive.
>
> To print timestamp difference between packets
>    we support packet interval reporting but because
>    we are not a packet technology, you're not going to
>    get this one.
>
> To print timestamp difference.
>
>    We haven't talked about supporting this before,
>    So we could support a new print  field "rstartime"
>    and "rlasttime" for relative start time and relative lasttime.
>    This would be relative to the first record that is is the
>    file/stream.
>
>    BUT, we normally provide filter support for the basic keywords,
>    so would we also want filter support for the rstartime?  Like,
>       - rstartime gt 5.45
>
> How's that?
>
> Carter
>
>
>
>
> On Jun 19, 2006, at 12:49 PM, Eric Pancer wrote:
>
>> On Mon, 2006-06-19 at 12:39:30 -0400, Carter Bullard wrote...
>>
>>> So the time format is an option, since you set the format in your
>>> .rarc file, but not on the command line (we're already using so many
>>> letters, just not enough options available).  Tthe only
>>> question is what should the default string be?   Are we happy
>>> with "%T" (this is the format specified by the routine strftime()),
>>> or do we want the date?
>>
>> Hi Carter -
>>
>> Could you follow what tcpdump does?
>>
>> "
>>     -t        Do not print a timestamp on each dump line.
>>
>>     -tt       Print an unformatted timestamp on each dump line.
>>
>>     -ttt      Print day and month in timestamp.
>>
>>     -tttt     Print timestamp difference between packets.
>>
>>     -ttttt    Print timestamp difference since the first packet.
>> "
>>

More information about the argus mailing list