argus-clients-3.0.0.rc.8
Peter Van Epp
vanepp at sfu.ca
Sun Jun 18 14:36:17 EDT 2006
Since this looks to be as far as I'm going to get today, here is a patch
against argus-clients-3.0.0.rc.8 that stops a seg fault in label printing when
the number of tags gets large, and a first cut at compatibility between v2 and v3
on 2.0.6 input data (mostly via ra.conf files):
*** common/argus_util.c.orig Sun Jun 18 10:41:45 2006
--- common/argus_util.c Sun Jun 18 10:42:42 2006
***************
*** 6992,6998 ****
break;
default: {
! char tmpbuf[128], *ptr = tmpbuf, *str = parser->RaLabel, lastchr = ' ';
bzero (tmpbuf, sizeof(tmpbuf));
lastchr = parser->RaFieldDelimiter;
while (*str) {
--- 6992,6998 ----
break;
default: {
! char tmpbuf[1024], *ptr = tmpbuf, *str = parser->RaLabel, lastchr = ' ';
bzero (tmpbuf, sizeof(tmpbuf));
lastchr = parser->RaFieldDelimiter;
while (*str) {
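Review bot: Enlarging `tmpbuf` from 128 to 1024 bytes raises the point at which the label copy overflows but does not remove it, because nothing visible here stops the `while (*str)` loop once `tmpbuf` is full. `parser->RaLabel` grows with the number of selected fields, so a long enough field list can presumably still run past the end of this stack buffer. The loop condition should carry the bound, for example `while (*str && (ptr < &tmpbuf[sizeof(tmpbuf) - 1])) {`, leaving room for every byte the body writes per iteration plus the terminator. The same applies to the `tmpbuf[1024]` change at 3094 in common/argus_client.c of the 2.0.6 set. The loop body lies outside this hunk, so the exact writes through `ptr` need to be confirmed there.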
--- end patch ---
Then a 5 patch set against argus-clients-2.0.6.fixes.1 (all of which
have been on the list previously so if you are up to date you don't need these)
that fix up printing on 2.0.6 so we can compare apples to apples as much as
possible:
*** common/argus_client.c.orig Mon Feb 13 20:32:51 2006
--- common/argus_client.c Sun Feb 26 20:48:51 2006
***************
*** 69,74 ****
--- 69,78 ----
RaPrintDate = 0;
for (x = 0; x < MAX_PRINT_ALG_TYPES; x++) {
if (!strncmp (RaPrintKeyWords[x], soption, strlen(RaPrintKeyWords[x]))) {
+ if (x == 0) {
+ RaPrintStartTime = 1;
+ RaPrintLastTime = 1;
+ }
if (x < 3) RaPrintDate++;
switch (RaOptionOperation) {
case RA_ADD_OPTION:
***************
*** 3090,3096 ****
}
if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) {
! char tmpbuf[128], *ptr = tmpbuf, *str = RaLabel, lastchr = ' ';
bzero (tmpbuf, sizeof(tmpbuf));
lastchr = RaFieldDelimiter;
--- 3094,3100 ----
}
if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) {
! char tmpbuf[1024], *ptr = tmpbuf, *str = RaLabel, lastchr = ' ';
bzero (tmpbuf, sizeof(tmpbuf));
lastchr = RaFieldDelimiter;
***************
*** 3120,3127 ****
{
if (lflag)
ArgusPrintLastDateLabel (buf);
! else
ArgusPrintStartDateLabel (buf);
}
--- 3124,3133 ----
{
if (lflag)
ArgusPrintLastDateLabel (buf);
! else {
ArgusPrintStartDateLabel (buf);
+ ArgusPrintLastDateLabel (buf);
+ }
}
***************
*** 3448,3454 ****
if (len & 0x01)
sprintf(&buf[strlen(buf)], " ");
}
! }
}
void
--- 3454,3461 ----
if (len & 0x01)
sprintf(&buf[strlen(buf)], " ");
}
! } else
! sprintf (&buf[strlen(buf)], " srcUdata%cdstUdata ", RaFieldDelimiter);
}
void
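Review bot: `RaFieldDelimiter` is passed straight to `%c` in the new `else` branch, so when it is `'\0'` (a value the other hunks in this set test for explicitly) the label is cut off right after ` srcUdata`. The `delim` convention used elsewhere avoids this: `char delim = ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) ? RaFieldDelimiter : ' ';` and then format with `delim`. The same unguarded `%c` appears in common/argus_util.c in the hunks at 1973 (`"%-8u%c%-8u"`), 2025, 2645, 2670 and 2713, where the second value of each pair would be lost to any `strlen`-based consumer. The enclosing function starts outside this hunk, so a guard earlier in it cannot be ruled out.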
*** common/argus_filter.c.orig Wed Mar 26 20:26:54 2003
--- common/argus_filter.c Tue Sep 7 13:50:52 2004
***************
*** 3954,3960 ****
while (table->name)
table = table->nxt;
! if (nflag > 1) {
char buf[32];
(void)sprintf(buf, "%d", port);
--- 3954,3960 ----
while (table->name)
table = table->nxt;
! if (nflag > 2) {
char buf[32];
(void)sprintf(buf, "%d", port);
***************
*** 4143,4149 ****
f_netmask = mask;
}
! if (nflag > 1)
/*
* Simplest way to suppress names.
*/
--- 4143,4149 ----
f_netmask = mask;
}
! if (nflag > 2)
/*
* Simplest way to suppress names.
*/
*** common/argus_parse.c.orig Sat Dec 6 09:42:13 2003
--- common/argus_parse.c Tue Sep 7 13:51:03 2004
***************
*** 3995,4004 ****
break;
case RA_PRINT_HOSTNAMES:
! if (!(strncasecmp(optarg, "yes", 3)))
nflag = 0;
! else
! nflag = 1;
break;
case RA_PRINT_LOCALONLY:
--- 3995,4008 ----
break;
case RA_PRINT_HOSTNAMES:
! if (!(strncasecmp(optarg, "all", 3)))
nflag = 0;
! else if (!(strncasecmp(optarg, "port", 4)))
! nflag = 1;
! else if (!(strncasecmp(optarg, "protocol", 8)))
! nflag = 2;
! else /* assume the value was "none" */
! nflag = 3;
break;
case RA_PRINT_LOCALONLY:
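Review bot: An existing ra.conf with `RA_PRINT_HOSTNAMES=yes` used to select `nflag = 0`; with this change it matches none of the three keywords and falls into the final `else`, which sets `nflag = 3`, so the setting silently inverts. Any misspelt value is likewise treated as "none" without a diagnostic. Keeping the old spelling accepted avoids the surprise, e.g. `if (!strncasecmp(optarg, "all", 3) || !strncasecmp(optarg, "yes", 3))`. The levels 0 to 3 are also compared as bare numbers in common/argus_filter.c (`nflag > 2`), so a short comment next to this case listing all/port/protocol/none and their values would document them.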
*** common/argus_util.c.orig Sat Dec 6 09:43:56 2003
--- common/argus_util.c Sun Feb 26 20:14:06 2006
***************
*** 909,915 ****
void
ArgusPrintStartDate (char *date, struct ArgusRecord *ptr)
{
- char delim = ' ';
struct timeval *tvp = NULL;
if (ptr->ahdr.type & ARGUS_MAR)
--- 909,914 ----
***************
*** 917,932 ****
else
tvp = &ptr->argus_far.time.start;
! if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
! delim = RaFieldDelimiter;
!
! sprintf (&date[strlen(date)], "%s%c", print_time(tvp), delim);
}
void
ArgusPrintLastDate (char *date, struct ArgusRecord *ptr)
{
- char delim = ' ';
struct timeval *tvp = NULL;
if (ptr->ahdr.type & ARGUS_MAR)
--- 916,927 ----
else
tvp = &ptr->argus_far.time.start;
! sprintf (&date[strlen(date)], "%s", print_time(tvp));
}
void
ArgusPrintLastDate (char *date, struct ArgusRecord *ptr)
{
struct timeval *tvp = NULL;
if (ptr->ahdr.type & ARGUS_MAR)
***************
*** 934,943 ****
else
tvp = &ptr->argus_far.time.last;
! if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
! delim = RaFieldDelimiter;
!
! sprintf (&date[strlen(date)], "%s%c", print_time(tvp), delim);
}
void
--- 929,935 ----
else
tvp = &ptr->argus_far.time.last;
! sprintf (&date[strlen(date)], "%s", print_time(tvp));
}
void
***************
*** 967,973 ****
sprintf (&date[strlen(date)], " ");
if (RaPrintLastTime)
! sprintf (&date[strlen(date)], "%s%c", print_time(last), delim);
}
void ArgusPrintSrcRate (char *, struct ArgusRecord *);
--- 959,965 ----
sprintf (&date[strlen(date)], " ");
if (RaPrintLastTime)
! sprintf (&date[strlen(date)], "%s", print_time(last));
}
void ArgusPrintSrcRate (char *, struct ArgusRecord *);
***************
*** 1003,1009 ****
if (ArgusThisAgr && (ArgusThisAgr->type == ARGUS_AGR_DSR))
hits = ArgusThisAgr->count;
! sprintf(&buf[strlen(buf)], "%5d ", hits);
}
}
--- 995,1001 ----
if (ArgusThisAgr && (ArgusThisAgr->type == ARGUS_AGR_DSR))
hits = ArgusThisAgr->count;
! sprintf(&buf[strlen(buf)], "%5d", hits);
}
}
***************
*** 1013,1019 ****
ArgusPrintAvgDuration (char *date, struct ArgusRecord *ptr)
{
struct ArgusAGRStruct *ArgusThisAgr = NULL;
! char *sptr, *iptr, delim = ' ';
struct timeval *start = NULL, *last = NULL;
struct timeval buf, *time = &buf;
--- 1005,1011 ----
ArgusPrintAvgDuration (char *date, struct ArgusRecord *ptr)
{
struct ArgusAGRStruct *ArgusThisAgr = NULL;
! char *sptr, *iptr;
struct timeval *start = NULL, *last = NULL;
struct timeval buf, *time = &buf;
***************
*** 1065,1081 ****
sprintf(sptr, ".%06d", (int) time->tv_usec);
sptr[pflag + 1] = '\0';
}
-
- if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
- sprintf(&date[strlen(date)], "%c", delim);
- else
- sprintf(&date[strlen(date)], "%c", ' ');
}
void
ArgusPrintDuration (char *date, struct ArgusRecord *ptr)
{
! char *sptr, *iptr, delim = ' ';
struct timeval *start = NULL, *last = NULL;
struct timeval buf, *time = &buf;
--- 1057,1068 ----
sprintf(sptr, ".%06d", (int) time->tv_usec);
sptr[pflag + 1] = '\0';
}
}
void
ArgusPrintDuration (char *date, struct ArgusRecord *ptr)
{
! char *sptr, *iptr;
struct timeval *start = NULL, *last = NULL;
struct timeval buf, *time = &buf;
***************
*** 1115,1125 ****
sprintf(sptr, ".%06d", (int) time->tv_usec);
sptr[pflag + 1] = '\0';
}
-
- if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
- sprintf(&date[strlen(date)], "%c", delim);
- else
- sprintf(&date[strlen(date)], "%c", ' ');
}
void ArgusGetIndicatorString (struct ArgusRecord *, char *);
--- 1102,1107 ----
***************
*** 1215,1222 ****
}
}
- *ptr = RaFieldDelimiter;
-
} else {
int encdone = 0;
--- 1197,1202 ----
***************
*** 1386,1392 ****
else
sprintf (argusIDStr, "%u", argus->ahdr.argusid);
! sprintf(buf, "%-15.15s ", argusIDStr);
}
void ArgusPrintBinNumber (char *, struct ArgusRecord *);
--- 1366,1372 ----
else
sprintf (argusIDStr, "%u", argus->ahdr.argusid);
! sprintf(buf, "%-15.15s", argusIDStr);
}
void ArgusPrintBinNumber (char *, struct ArgusRecord *);
***************
*** 1404,1410 ****
void
ArgusPrintSequenceNumber (char *buf, struct ArgusRecord *argus) {
! sprintf(buf, "%d ", argus->ahdr.seqNumber);
}
--- 1384,1390 ----
void
ArgusPrintSequenceNumber (char *buf, struct ArgusRecord *argus) {
! sprintf(buf, "%d", argus->ahdr.seqNumber);
}
***************
*** 1424,1433 ****
esrcString = etheraddr_string ((u_char *)&mac->phys_union.ether.ethersrc);
edstString = etheraddr_string ((u_char *)&mac->phys_union.ether.etherdst);
! sprintf (buf, "%17.17s %17.17s ", esrcString, edstString);
! } else
! sprintf (buf, "%17.17s %17.17s ", blankStr, blankStr);
}
void
--- 1404,1424 ----
esrcString = etheraddr_string ((u_char *)&mac->phys_union.ether.ethersrc);
edstString = etheraddr_string ((u_char *)&mac->phys_union.ether.etherdst);
! sprintf (buf, "%17.17s", esrcString);
! if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
! sprintf(&buf[strlen(buf)], "%c", RaFieldDelimiter);
! else
! sprintf(&buf[strlen(buf)], "%c", ' ');
! sprintf (&buf[strlen(buf)], "%17.17s", edstString);
! } else {
! sprintf (buf, "%17.17s", blankStr);
! if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
! sprintf(&buf[strlen(buf)], "%c", RaFieldDelimiter);
! else
! sprintf(&buf[strlen(buf)], "%c", ' ');
! sprintf (&buf[strlen(buf)], "%17.17s", blankStr);
! }
}
void
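Review bot: The four-line delimiter selection is written out twice in this hunk and again in the rate, loss and print-loop hunks further down, which makes the resulting output format hard to audit. Choosing the separator once and formatting both columns in one call reads more simply: `char sep = ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) ? RaFieldDelimiter : ' ';` followed by `sprintf (buf, "%17.17s%c%17.17s", esrcString, sep, edstString);`, and the same with `blankStr` in the `else`. The declaration would go at the top of the function, which is outside this hunk.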
***************
*** 1468,1474 ****
}
if (protoStr != NULL)
! sprintf (buf, "%4.4s ", protoStr);
}
int ArgusPrintNet = 0;
--- 1459,1465 ----
}
if (protoStr != NULL)
! sprintf (buf, "%4.4s", protoStr);
}
int ArgusPrintNet = 0;
***************
*** 1537,1543 ****
struct ArgusFlow *flow;
if (argus->ahdr.type & ARGUS_MAR) {
! sprintf (&buf[strlen(buf)], "%*d ", hfield, argus->argus_mar.nextMrSequenceNum);
} else {
flow = &argus->argus_far.flow;
--- 1528,1534 ----
struct ArgusFlow *flow;
if (argus->ahdr.type & ARGUS_MAR) {
! sprintf (&buf[strlen(buf)], "%*u ", hfield, argus->argus_mar.nextMrSequenceNum);
} else {
flow = &argus->argus_far.flow;
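Review bot: The format string becomes `"%*u "` but keeps its trailing blank, whereas the other hunks in this file drop the trailing blank because the print loop at 2869 now appends the separator. With a delimiter such as `,` this field would presumably come out as a blank followed by the delimiter; `"%*u"` would match the rest. The same leftover blank is visible in the `ARGUS_MERGED` branch of the 1733 hunk, in the zero-seconds branch of the 2440 hunk (`"%10s "`) and in `ArgusPrintSrcTOS` in the 2670 hunk.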
***************
*** 1595,1603 ****
}
if (addr != NULL)
! sprintf (buf, "%*.*s ", thishfield, thishfield, addrstr);
else
! sprintf (buf, "%*.*s ", thishfield, thishfield, " ");
}
--- 1586,1595 ----
}
if (addr != NULL)
! sprintf (buf, "%*.*s", thishfield, thishfield, addrstr);
else
! sprintf (buf, "%*.*s", thishfield, thishfield, " ");
!
}
***************
*** 1631,1638 ****
case ETHERTYPE_REVARP:
case ETHERTYPE_ARP:
sprintf (&buf[strlen(buf)], "%*s", pfield - 1, " ");
- if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
- sprintf (buf, "%c", RaFieldDelimiter);
break;
default:
--- 1623,1628 ----
***************
*** 1650,1656 ****
ArgusPrintDstPort (char *buf, struct ArgusRecord *argus)
{
if (argus->ahdr.type & ARGUS_MAR) {
! sprintf (&buf[strlen(buf)], "%-*d", pfield + 1, argus->argus_mar.flows);
} else {
struct ArgusFlow *flow = &argus->argus_far.flow;
--- 1640,1646 ----
ArgusPrintDstPort (char *buf, struct ArgusRecord *argus)
{
if (argus->ahdr.type & ARGUS_MAR) {
! sprintf (&buf[strlen(buf)], "%-*u", pfield + 1, argus->argus_mar.flows);
} else {
struct ArgusFlow *flow = &argus->argus_far.flow;
***************
*** 1673,1681 ****
} else
sprintf (&buf[strlen(buf)], "%*s", pfield - 1, " ");
- if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
- sprintf (buf, "%c", RaFieldDelimiter);
-
break;
default:
--- 1663,1668 ----
***************
*** 1699,1743 ****
switch (proto) {
case IPPROTO_TCP:
case IPPROTO_UDP:
! if (RaPrintIndex > 0)
if ((RaPrintAlgorithms[RaPrintIndex - 1] == ArgusPrintSrcAddr) ||
(RaPrintAlgorithms[RaPrintIndex - 1] == ArgusPrintDstAddr))
if (RaFieldDelimiter == '\0')
if (buf[strlen(buf) - 1] == ' ')
buf[strlen(buf) - 1] = '.';
- sprintf (buf, "%-*d ", thispfield, port);
break;
default:
- if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
- sprintf (&buf[strlen(buf)], "%c", RaFieldDelimiter);
- else
- sprintf (buf, "%-*.*s ", thispfield, thispfield, " ");
break;
}
} else {
switch (proto) {
case IPPROTO_TCP:
case IPPROTO_UDP:
! if (RaPrintIndex > 0)
if ((RaPrintAlgorithms[RaPrintIndex - 1] == ArgusPrintSrcAddr) ||
(RaPrintAlgorithms[RaPrintIndex - 1] == ArgusPrintDstAddr))
if (RaFieldDelimiter == '\0')
if (buf[strlen(buf) - 1] == ' ')
buf[strlen(buf) - 1] = '.';
if (proto == IPPROTO_TCP)
! sprintf (buf, "%-*.*s ", thispfield, thispfield, tcpport_string(port));
else
! sprintf (buf, "%-*.*s ", thispfield, thispfield, udpport_string(port));
break;
default:
! if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
! sprintf (&buf[strlen(buf)], "%c", RaFieldDelimiter);
! else
! sprintf (buf, "%-*.*s ", thispfield, thispfield, " ");
break;
}
}
--- 1686,1728 ----
switch (proto) {
case IPPROTO_TCP:
case IPPROTO_UDP:
! if ((RaPrintIndex > 0) && ((RaFieldDelimiter == ' ') ||
! (RaFieldDelimiter == '\0'))) {
if ((RaPrintAlgorithms[RaPrintIndex - 1] == ArgusPrintSrcAddr) ||
(RaPrintAlgorithms[RaPrintIndex - 1] == ArgusPrintDstAddr))
if (RaFieldDelimiter == '\0')
if (buf[strlen(buf) - 1] == ' ')
buf[strlen(buf) - 1] = '.';
+ }
+
+ sprintf (buf, "%-*d", thispfield, port);
break;
default:
break;
}
} else {
switch (proto) {
case IPPROTO_TCP:
case IPPROTO_UDP:
! if ((RaPrintIndex > 0) && ((RaFieldDelimiter == ' ') ||
! (RaFieldDelimiter == '\0'))) {
if ((RaPrintAlgorithms[RaPrintIndex - 1] == ArgusPrintSrcAddr) ||
(RaPrintAlgorithms[RaPrintIndex - 1] == ArgusPrintDstAddr))
if (RaFieldDelimiter == '\0')
if (buf[strlen(buf) - 1] == ' ')
buf[strlen(buf) - 1] = '.';
+ }
if (proto == IPPROTO_TCP)
! sprintf (buf, "%-*.*s", thispfield, thispfield, tcpport_string(port));
else
! sprintf (buf, "%-*.*s", thispfield, thispfield, udpport_string(port));
break;
default:
!
break;
}
}
***************
*** 1748,1769 ****
} else {
switch (proto) {
default:
! sprintf (buf, "%-*.*s ", thispfield, thispfield, " ");
break;
case IPPROTO_TCP:
case IPPROTO_UDP:
! if (RaPrintIndex > 0)
if ((RaPrintAlgorithms[RaPrintIndex - 1] == ArgusPrintSrcAddr) ||
(RaPrintAlgorithms[RaPrintIndex - 1] == ArgusPrintDstAddr))
if (RaFieldDelimiter == '\0')
if (buf[strlen(buf) - 1] == ' ')
buf[strlen(buf) - 1] = '.';
!
if (argus->ahdr.status & ARGUS_MERGED)
sprintf (buf, "%-*.*s ", thispfield, thispfield, "*");
else
! sprintf (buf, "%-*d ", thispfield, port);
break;
}
}
--- 1733,1763 ----
} else {
switch (proto) {
default:
! sprintf (buf, "%-*.*s", thispfield, thispfield, " ");
! if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
! sprintf (&buf[strlen(buf)], "%c", RaFieldDelimiter);
! else
! sprintf (buf, "%-*.*s ", thispfield, thispfield, " ");
break;
case IPPROTO_TCP:
case IPPROTO_UDP:
! if ((RaPrintIndex > 0) && ((RaFieldDelimiter == ' ') ||
! (RaFieldDelimiter == '\0'))) {
if ((RaPrintAlgorithms[RaPrintIndex - 1] == ArgusPrintSrcAddr) ||
(RaPrintAlgorithms[RaPrintIndex - 1] == ArgusPrintDstAddr))
if (RaFieldDelimiter == '\0')
if (buf[strlen(buf) - 1] == ' ')
buf[strlen(buf) - 1] = '.';
! }
if (argus->ahdr.status & ARGUS_MERGED)
sprintf (buf, "%-*.*s ", thispfield, thispfield, "*");
else
! sprintf (buf, "%-*d", thispfield, port);
! if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
! sprintf (&buf[strlen(buf)], "%c", RaFieldDelimiter);
! else
! sprintf (buf, "%-*.*s ", thispfield, thispfield, " ");
break;
}
}
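Review bot: In the TCP/UDP case the port written by `sprintf (buf, "%-*d", thispfield, port);` is discarded whenever the delimiter is a blank or `'\0'`, because the `else` of the delimiter test that follows calls `sprintf (buf, "%-*.*s ", ...)` from the start of `buf` and overwrites it with blanks. The `default:` case has the same shape, there rewriting the padding it has just produced. If the intent is a single separating blank, the `else` should append rather than overwrite: `sprintf (&buf[strlen(buf)], "%c", ' ');`. Since the print loop at 2869 also appends a separator after every field, it is worth checking whether this function should add one at all. The enclosing function starts outside the hunk.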
***************
*** 1775,1790 ****
default:
thispfield -= 2;
! if ((ArgusThisProto == 0) && (proto != 0)) {
! sprintf (buf, "%-*.*s ", thispfield, thispfield, llcsap_string((unsigned char) port));
! } else {
- if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0')) {
- sprintf (buf, "%c", RaFieldDelimiter);
- } else {
- sprintf (buf, "%-*.*s ", thispfield, thispfield, " ");
- }
- }
}
}
--- 1769,1777 ----
default:
thispfield -= 2;
! if ((ArgusThisProto == 0) && (proto != 0))
! sprintf (buf, "%-*.*s", thispfield, thispfield, llcsap_string((unsigned char) port));
}
}
***************
*** 1969,1975 ****
}
}
! sprintf (buf, "%s ", dirStr);
}
void
--- 1956,1962 ----
}
}
! sprintf (buf, "%s", dirStr);
}
void
***************
*** 1986,1992 ****
dst_count = argus->argus_far.dst.count;
}
! sprintf (buf, "%-8u %-8u ", src_count, dst_count);
}
void
--- 1973,1979 ----
dst_count = argus->argus_far.dst.count;
}
! sprintf (buf, "%-8u%c%-8u", src_count,RaFieldDelimiter, dst_count);
}
void
***************
*** 2001,2007 ****
src_count = argus->argus_far.src.count;
}
! sprintf (buf, "%-8u ", src_count);
}
void
--- 1988,1994 ----
src_count = argus->argus_far.src.count;
}
! sprintf (buf, "%-8u", src_count);
}
void
***************
*** 2016,2022 ****
dst_count = argus->argus_far.dst.count;
}
! sprintf (buf, "%-8u ", dst_count);
}
void
--- 2003,2009 ----
dst_count = argus->argus_far.dst.count;
}
! sprintf (buf, "%-8u", dst_count);
}
void
***************
*** 2038,2044 ****
}
}
! sprintf (buf, "%-12u %-12u", src_bytes, dst_bytes);
}
void
--- 2025,2031 ----
}
}
! sprintf (buf, "%-12u%c%-12u", src_bytes, RaFieldDelimiter, dst_bytes);
}
void
***************
*** 2077,2084 ****
sprintf (buf, "%-12u", dst_bytes);
}
-
-
#include <math.h>
void
--- 2064,2069 ----
***************
*** 2092,2099 ****
void
ArgusPrintDstJitter (char *buf, struct ArgusRecord *argus)
{
! RaPrintSrcTime = 1;
! RaPrintDstTime = 0;
ArgusPrintJitter (buf, argus);
}
--- 2077,2084 ----
void
ArgusPrintDstJitter (char *buf, struct ArgusRecord *argus)
{
! RaPrintSrcTime = 0;
! RaPrintDstTime = 1;
ArgusPrintJitter (buf, argus);
}
***************
*** 2147,2157 ****
sprintf (jitterstr, "%6d.%03d (%6s)", meanval/1000, meanval%1000, stdstr);
*/
sprintf (jitterstr, "%6d.%03d", meanval/1000, meanval%1000);
! sprintf (&buf[strlen(buf)], "%-12s ", jitterstr);
} else {
sprintf (jitterstr, "%6d.%03d", meanval/1000, meanval%1000);
! sprintf (&buf[strlen(buf)], "%-12s ", jitterstr);
}
}
--- 2132,2149 ----
sprintf (jitterstr, "%6d.%03d (%6s)", meanval/1000, meanval%1000, stdstr);
*/
sprintf (jitterstr, "%6d.%03d", meanval/1000, meanval%1000);
! sprintf (&buf[strlen(buf)], "%-12s", jitterstr);
} else {
sprintf (jitterstr, "%6d.%03d", meanval/1000, meanval%1000);
! sprintf (&buf[strlen(buf)], "%-12s", jitterstr);
! }
!
! if (RaPrintDstTime) {
! if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
! sprintf(&buf[strlen(buf)], "%c", RaFieldDelimiter);
! else
! sprintf(&buf[strlen(buf)], "%c", ' ');
}
}
***************
*** 2320,2331 ****
sprintf (buf, "%10s", ptr);
if (dst_count > 1)
sprintf (ptr, "%.2f", ((double)(dst_count)/seconds));
else
sprintf (ptr, "%.2f", 0.0);
! sprintf (&buf[strlen(buf)], "%10s ", ptr);
}
/*
--- 2312,2328 ----
sprintf (buf, "%10s", ptr);
+ if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
+ sprintf(&buf[strlen(buf)], "%c", RaFieldDelimiter);
+ else
+ sprintf(&buf[strlen(buf)], "%c", ' ');
+
if (dst_count > 1)
sprintf (ptr, "%.2f", ((double)(dst_count)/seconds));
else
sprintf (ptr, "%.2f", 0.0);
! sprintf (&buf[strlen(buf)], "%10s", ptr);
}
/*
***************
*** 2443,2453 ****
if (seconds) {
sprintf (ptr, "%.4f", ((double)srcLossPkts));
sprintf (buf, "%10s", ptr);
sprintf (ptr, "%.4f", ((double)dstLossPkts));
! sprintf (&buf[strlen(buf)], "%10s ", ptr);
} else {
sprintf (ptr, "%.4f", 0.0);
sprintf (buf, "%10s", ptr);
sprintf (ptr, "%.4f", 0.0);
sprintf (&buf[strlen(buf)], "%10s ", ptr);
}
--- 2440,2458 ----
if (seconds) {
sprintf (ptr, "%.4f", ((double)srcLossPkts));
sprintf (buf, "%10s", ptr);
+ if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
+ sprintf(&buf[strlen(buf)], "%c", RaFieldDelimiter);
+ else
+ sprintf(&buf[strlen(buf)], "%c", ' ');
sprintf (ptr, "%.4f", ((double)dstLossPkts));
! sprintf (&buf[strlen(buf)], "%10s", ptr);
} else {
sprintf (ptr, "%.4f", 0.0);
sprintf (buf, "%10s", ptr);
+ if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
+ sprintf(&buf[strlen(buf)], "%c", RaFieldDelimiter);
+ else
+ sprintf(&buf[strlen(buf)], "%c", ' ');
sprintf (ptr, "%.4f", 0.0);
sprintf (&buf[strlen(buf)], "%10s ", ptr);
}
***************
*** 2492,2501 ****
if (seconds) {
sprintf (ptr, "%.2f", ((double)(src_bytes * 8.0))/seconds);
! sprintf (&buf[strlen(buf)], "%11s ", ptr);
} else {
sprintf (ptr, "%.2f", 0.0);
! sprintf (&buf[strlen(buf)], "%11s ", ptr);
}
}
--- 2497,2506 ----
if (seconds) {
sprintf (ptr, "%.2f", ((double)(src_bytes * 8.0))/seconds);
! sprintf (&buf[strlen(buf)], "%11s", ptr);
} else {
sprintf (ptr, "%.2f", 0.0);
! sprintf (&buf[strlen(buf)], "%11s", ptr);
}
}
***************
*** 2538,2547 ****
if (seconds) {
sprintf (ptr, "%.2f", ((double)(dst_bytes * 8.0))/seconds);
! sprintf (&buf[strlen(buf)], "%13s ", ptr);
} else {
sprintf (ptr, "%.2f", 0.0);
! sprintf (&buf[strlen(buf)], "%13s ", ptr);
}
}
--- 2543,2552 ----
if (seconds) {
sprintf (ptr, "%.2f", ((double)(dst_bytes * 8.0))/seconds);
! sprintf (&buf[strlen(buf)], "%13s", ptr);
} else {
sprintf (ptr, "%.2f", 0.0);
! sprintf (&buf[strlen(buf)], "%13s", ptr);
}
}
***************
*** 2551,2557 ****
int src_count = 0, dst_count = 0, src_bytes = 0, dst_bytes = 0;
struct timeval *start = NULL, *last = NULL;
struct timeval timebuf, *time = &timebuf;
! char tmpbuf[128], *ptr = tmpbuf;
double seconds;
start = &argus->argus_far.time.start;
--- 2556,2562 ----
int src_count = 0, dst_count = 0, src_bytes = 0, dst_bytes = 0;
struct timeval *start = NULL, *last = NULL;
struct timeval timebuf, *time = &timebuf;
! char tmpbuf[128], *ptr = tmpbuf, delim = ' ';
double seconds;
start = &argus->argus_far.time.start;
***************
*** 2583,2599 ****
src_bytes = argus->argus_far.src.bytes;
dst_bytes = argus->argus_far.dst.bytes;
}
if (seconds) {
sprintf (ptr, "%.2f", ((double)(src_bytes * 8.0))/seconds);
! sprintf (buf, "%13s", ptr);
sprintf (ptr, "%.2f", ((double)(dst_bytes * 8.0))/seconds);
! sprintf (&buf[strlen(buf)], "%13s ", ptr);
} else {
sprintf (ptr, "%.2f", 0.0);
! sprintf (buf, "%13s", ptr);
sprintf (ptr, "%.2f", 0.0);
! sprintf (&buf[strlen(buf)], "%13s ", ptr);
}
}
--- 2588,2607 ----
src_bytes = argus->argus_far.src.bytes;
dst_bytes = argus->argus_far.dst.bytes;
}
+
+ if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
+ delim = RaFieldDelimiter;
if (seconds) {
sprintf (ptr, "%.2f", ((double)(src_bytes * 8.0))/seconds);
! sprintf (buf, "%13s%c", ptr, delim);
sprintf (ptr, "%.2f", ((double)(dst_bytes * 8.0))/seconds);
! sprintf (&buf[strlen(buf)], "%13s", ptr);
} else {
sprintf (ptr, "%.2f", 0.0);
! sprintf (buf, "%13s%c", ptr, delim);
sprintf (ptr, "%.2f", 0.0);
! sprintf (&buf[strlen(buf)], "%13s", ptr);
}
}
***************
*** 2608,2616 ****
sdis = i - argus->argus_far.attr_ip.sttl;
}
}
! sprintf (&buf[strlen(buf)], " %3d ", sdis);
} else
! sprintf (&buf[strlen(buf)], " %3d ", argus->argus_far.attr_ip.sttl);
}
void
--- 2616,2624 ----
sdis = i - argus->argus_far.attr_ip.sttl;
}
}
! sprintf (&buf[strlen(buf)], " %3d", sdis);
} else
! sprintf (&buf[strlen(buf)], " %3d", argus->argus_far.attr_ip.sttl);
}
void
***************
*** 2624,2633 ****
ddis = i - argus->argus_far.attr_ip.dttl;
}
}
! sprintf (&buf[strlen(buf)], " %3d ", ddis);
} else
! sprintf (&buf[strlen(buf)], " %3d ", argus->argus_far.attr_ip.dttl);
}
void
--- 2632,2641 ----
ddis = i - argus->argus_far.attr_ip.dttl;
}
}
! sprintf (&buf[strlen(buf)], " %3d", ddis);
} else
! sprintf (&buf[strlen(buf)], " %3d", argus->argus_far.attr_ip.dttl);
}
void
***************
*** 2637,2651 ****
struct ArgusVlanStruct *vlan = (struct ArgusVlanStruct *) ArgusThisFarHdrs[ARGUS_VLAN_DSR_INDEX];
if (vlan->status & ARGUS_SRC_VLAN)
! sprintf (&buf[strlen(buf)], "0x%04x ", vlan->sid);
else
! sprintf(&buf[strlen(buf)], " ");
if (vlan->status & ARGUS_DST_VLAN)
! sprintf (&buf[strlen(buf)], "0x%04x ", vlan->did);
else
! sprintf(&buf[strlen(buf)], " ");
} else
! sprintf (&buf[strlen(buf)], " ");
}
void
--- 2645,2666 ----
struct ArgusVlanStruct *vlan = (struct ArgusVlanStruct *) ArgusThisFarHdrs[ARGUS_VLAN_DSR_INDEX];
if (vlan->status & ARGUS_SRC_VLAN)
! sprintf (&buf[strlen(buf)], "0x%04x%c", vlan->sid, RaFieldDelimiter);
else
! if (RaFieldDelimiter == ' ')
! sprintf(&buf[strlen(buf)], " ");
! else
! sprintf(&buf[strlen(buf)], "%c", RaFieldDelimiter);
if (vlan->status & ARGUS_DST_VLAN)
! sprintf (&buf[strlen(buf)], "0x%04x", vlan->did);
else
! if (RaFieldDelimiter == ' ')
! sprintf(&buf[strlen(buf)], " ");
} else
! if (RaFieldDelimiter == ' ')
! sprintf (&buf[strlen(buf)], " ");
! else
! sprintf(&buf[strlen(buf)], "%c", RaFieldDelimiter);
}
void
***************
*** 2655,2682 ****
struct ArgusMplsStruct *mpls = (struct ArgusMplsStruct *) ArgusThisFarHdrs[ARGUS_MPLS_DSR_INDEX];
if (mpls->status & ARGUS_SRC_MPLS)
! sprintf (&buf[strlen(buf)], " %5x ", mpls->slabel);
else
! sprintf(&buf[strlen(buf)], " ");
if (mpls->status & ARGUS_DST_MPLS)
! sprintf (&buf[strlen(buf)], " %5x ", mpls->dlabel);
else
! sprintf(&buf[strlen(buf)], " ");
} else
! sprintf (&buf[strlen(buf)], " ");
}
void
ArgusPrintSrcTOS (char *buf, struct ArgusRecord *argus)
{
! sprintf (&buf[strlen(buf)], " %3d ", argus->argus_far.attr_ip.stos);
}
void
ArgusPrintDstTOS (char *buf, struct ArgusRecord *argus)
{
! sprintf (&buf[strlen(buf)], " %3d ", argus->argus_far.attr_ip.dtos);
}
--- 2670,2701 ----
struct ArgusMplsStruct *mpls = (struct ArgusMplsStruct *) ArgusThisFarHdrs[ARGUS_MPLS_DSR_INDEX];
if (mpls->status & ARGUS_SRC_MPLS)
! sprintf (&buf[strlen(buf)], "%5x%c", mpls->slabel, RaFieldDelimiter);
else
! sprintf(&buf[strlen(buf)], " %c", RaFieldDelimiter);
if (mpls->status & ARGUS_DST_MPLS)
! sprintf (&buf[strlen(buf)], "%5x", mpls->dlabel);
else
! if (RaFieldDelimiter == ' ')
! sprintf(&buf[strlen(buf)], " ");
} else
! if (RaFieldDelimiter == ' ')
! sprintf(&buf[strlen(buf)], " ");
! else
! sprintf (&buf[strlen(buf)], "%c", RaFieldDelimiter);
}
void
ArgusPrintSrcTOS (char *buf, struct ArgusRecord *argus)
{
! sprintf (&buf[strlen(buf)], " %3d ", argus->argus_far.attr_ip.stos);
}
void
ArgusPrintDstTOS (char *buf, struct ArgusRecord *argus)
{
! sprintf (&buf[strlen(buf)], " %3d" , argus->argus_far.attr_ip.dtos);
}
***************
*** 2694,2708 ****
if (tcp != NULL) {
srcwin = tcp->src.win;
dstwin = tcp->dst.win;
! sprintf (&buf[strlen(buf)], "%-5d %-5d ", srcwin, dstwin);
} else {
! sprintf (&buf[strlen(buf)], "%14s", " ");
}
break;
}
default:
! sprintf (&buf[strlen(buf)], "%14s", " ");
}
}
--- 2713,2727 ----
if (tcp != NULL) {
srcwin = tcp->src.win;
dstwin = tcp->dst.win;
! sprintf (&buf[strlen(buf)], "%-5d%c%-5d", srcwin, RaFieldDelimiter, dstwin);
} else {
! sprintf (&buf[strlen(buf)], "%5s%c%5s", " ", RaFieldDelimiter, " ");
}
break;
}
default:
! sprintf (&buf[strlen(buf)], "%5s%c%5s", " ", RaFieldDelimiter, " ");
}
}
***************
*** 2850,2858 ****
bzero (tmpbuf, MAXSTRLEN);
for (RaPrintIndex = 0; RaPrintIndex < MAX_PRINT_ALG_TYPES; RaPrintIndex++) {
! if (RaPrintAlgorithms[RaPrintIndex] != NULL)
RaPrintAlgorithms[RaPrintIndex](&argus_strbuf[strlen(argus_strbuf)], argus);
! else
break;
}
--- 2869,2881 ----
bzero (tmpbuf, MAXSTRLEN);
for (RaPrintIndex = 0; RaPrintIndex < MAX_PRINT_ALG_TYPES; RaPrintIndex++) {
! if (RaPrintAlgorithms[RaPrintIndex] != NULL) {
RaPrintAlgorithms[RaPrintIndex](&argus_strbuf[strlen(argus_strbuf)], argus);
! if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
! sprintf(&argus_strbuf[strlen(argus_strbuf)], "%c", RaFieldDelimiter);
! else
! sprintf(&argus_strbuf[strlen(argus_strbuf)], "%c", ' ');
! } else
break;
}
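Review bot: The loop now appends a separator after every field, including the last one, so each record ends with a trailing delimiter (or blank). Whether the label line is built the same way is not visible here; if it is not, header and data rows will disagree by one column in delimited output. Emitting the separator before every field except the first (`if (RaPrintIndex > 0)`) avoids the trailing one. Each append is an unbounded `sprintf` at `&argus_strbuf[strlen(argus_strbuf)]`; the buffer's size is outside this hunk and should be checked against the longest field list that ra.conf can select.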
***************
*** 2882,2894 ****
}
while (*str) {
! if (*str == ' ') {
! if (lastchr != RaFieldDelimiter)
! *ptr++ = RaFieldDelimiter;
while (isspace((int)*str)) str++;
- }
- lastchr = *str;
-
*ptr++ = *str++;
}
--- 2905,2912 ----
}
while (*str) {
! if (*str == ' ')
while (isspace((int)*str)) str++;
*ptr++ = *str++;
}
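Review bot: When the label ends in blanks, the inner `while (isspace((int)*str)) str++;` stops on the terminating NUL, and the unconditional `*ptr++ = *str++;` then copies it and steps `str` past the end of the string, so the outer `while (*str)` goes on reading beyond it. Label fragments added in this set do end in a blank (for example `" srcUdata%cdstUdata "`). Adding `if (*str == '\0') break;` after the skip closes this. `isspace` should also be given `(unsigned char)*str`, since a negative `char` value is undefined there. The destination bound for `ptr` is not visible in this hunk.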
***************
*** 3227,3233 ****
if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
delim = RaFieldDelimiter;
! if ((ArgusSrcUserDataLen > 0) || (ArgusDstUserDataLen)) {
if (ArgusSrcUserDataLen > 0) {
switch (eflag) {
case ARGUS_ENCODE_ASCII:
--- 3245,3251 ----
if ((RaFieldDelimiter != ' ') && (RaFieldDelimiter != '\0'))
delim = RaFieldDelimiter;
! if ((ArgusSrcUserDataLen > 0) || (ArgusDstUserDataLen > 0)) {
if (ArgusSrcUserDataLen > 0) {
switch (eflag) {
case ARGUS_ENCODE_ASCII:
***************
*** 3253,3274 ****
bzero (strbuf, sizeof(strbuf));
bzero (conbuf, sizeof(conbuf));
if ((len = ArgusEncode (&user->data, NULL, len, str, sizeof(strbuf))) > 0)
! sprintf (con, "%cs[%d]=%s", delim, len, str);
else
sprintf (con, " ");
if (delim == ' ')
! sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%-*s ", exlen, con);
else
! sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%-s ", con);
- } else {
- if (delim != ' ')
- sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%c", delim);
- else
- sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%-*s ", exlen, " ");
}
}
if (ArgusDstUserDataLen > 0) {
switch (eflag) {
--- 3271,3291 ----
bzero (strbuf, sizeof(strbuf));
bzero (conbuf, sizeof(conbuf));
if ((len = ArgusEncode (&user->data, NULL, len, str, sizeof(strbuf))) > 0)
! sprintf (con, "s[%d]=%s", len, str);
else
sprintf (con, " ");
if (delim == ' ')
! sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%-*s", exlen, con);
else
! sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%-s", con);
}
}
+ if (delim != ' ')
+ sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%c", delim);
+ else
+ sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%-*s ", exlen, " ");
if (ArgusDstUserDataLen > 0) {
switch (eflag) {
***************
*** 3296,3318 ****
bzero (strbuf, sizeof(strbuf));
bzero (conbuf, sizeof(conbuf));
if ((len = ArgusEncode (&user->data, NULL, len, str, sizeof(strbuf))) > 0)
! sprintf (con, "%cd[%d]=%s", delim, len, str);
else
sprintf (con, " ");
if (delim == ' ')
sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%-*s ", exlen, con);
else
! sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%-s ", con);
! } else
! if (delim != ' ')
! sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%c", delim);
! else
! sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%-*s ", exlen, " ");
}
! sprintf (&RaUserDataStr[strlen(RaUserDataStr)], " ");
}
}
--- 3313,3339 ----
bzero (strbuf, sizeof(strbuf));
bzero (conbuf, sizeof(conbuf));
if ((len = ArgusEncode (&user->data, NULL, len, str, sizeof(strbuf))) > 0)
! sprintf (con, "d[%d]=%s", len, str);
else
sprintf (con, " ");
if (delim == ' ')
sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%-*s ", exlen, con);
else
! sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%-s", con);
! }
}
+ if (delim != ' ')
+ sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%c", delim);
+ else
+ sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%-*s ", exlen, " ");
! } else {
! if (delim != ' ')
! sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%c", delim);
! else
! sprintf (&RaUserDataStr[strlen(RaUserDataStr)], "%-*s %-*s ", exlen, " ", exlen, " ");
}
}
*** include/argus_util.h.orig Mon Aug 25 13:00:01 2003
--- include/argus_util.h Thu Apr 28 11:05:45 2005
***************
*** 142,171 ****
#define TSEQ_HASHSIZE 9029
#define HASHNAMESIZE 4096
! #define IPPROTOSTR 134
#define ipaddr_string(p) getname((u_char *)(p))
#ifdef ArgusUtil
! char *ip_proto_string [IPPROTOSTR] = {"ip", "icmp", "igmp", "ggp",
! "ipnip", "st", "tcp", "ucl", "egp", "igp", "bbn-rcc-mon", "nvp-ii",
"pup", "argus", "emcon", "xnet", "chaos", "udp", "mux", "dcn-meas",
"hmp", "prm", "xns-idp", "trunk-1", "trunk-2", "leaf-1", "leaf-2",
"rdp", "irtp", "iso-tp4", "netblt", "mfe-nsp", "merit-inp", "sep",
"3pc", "idpr", "xtp", "ddp", "idpr-cmtp", "tp++", "il", "ipv6",
"sdrp", "ipv6-route", "ipv6-frag", "idrp", "rsvp", "gre", "mhrp", "bna",
"esp", "ah", "i-nlsp", "swipe", "narp", "mobile", "tlsp", "skip",
! "ipv6-icmp", "ipv6-no", "ipv6-opts", "any", "cftp", "any", "sat-expak", "kryptolan",
! "rvd", "ippc", "any", "sat-mon", "visa", "ipcv", "cpnx", "cphb", "wsn",
! "pvp", "br-sat-mon", "sun-nd", "wb-mon", "wb-expak", "iso-ip", "vmtp",
! "secure-vmtp", "vines", "ttp", "nsfnet-igp", "dgp", "tcf", "igrp",
! "ospfigp", "sprite-rpc", "larp", "mtp", "ax.25", "ipip", "micp",
! "aes-sp3-d", "etherip", "encap", "pri-enc", "gmtp", "ifmp", "pnni",
! "pim", "aris", "scps", "qnx", "a/n", "ipcomp", "snp", "compaq-peer",
"ipx-n-ip", "vrrp", "pgm", "zero", "l2tp", "ddx", "iatp", "stp", "srp",
! "uti", "smp", "ptp", "isis", "fire", "crtp", "crudp", "sccopmce", "iplt",
! "sps", "pipe", "sctp", "fc",
};
#if defined(__OpenBSD__)
--- 142,172 ----
#define TSEQ_HASHSIZE 9029
#define HASHNAMESIZE 4096
! #define IPPROTOSTR 138
#define ipaddr_string(p) getname((u_char *)(p))
#ifdef ArgusUtil
! char *ip_proto_string [IPPROTOSTR] = {"hopopt", "icmp", "igmp", "ggp",
! "ipnip", "st", "tcp", "cbt", "egp", "igp", "bbn-rcc-mon", "nvp-ii",
"pup", "argus", "emcon", "xnet", "chaos", "udp", "mux", "dcn-meas",
"hmp", "prm", "xns-idp", "trunk-1", "trunk-2", "leaf-1", "leaf-2",
"rdp", "irtp", "iso-tp4", "netblt", "mfe-nsp", "merit-inp", "sep",
"3pc", "idpr", "xtp", "ddp", "idpr-cmtp", "tp++", "il", "ipv6",
"sdrp", "ipv6-route", "ipv6-frag", "idrp", "rsvp", "gre", "mhrp", "bna",
"esp", "ah", "i-nlsp", "swipe", "narp", "mobile", "tlsp", "skip",
! "ipv6-icmp", "ipv6-noinxt", "ipv6-opts", "any-p", "cftp", "any-n",
! "sat-expak", "kryptolan", "rvd", "ippc", "any-dfs", "sat-mon", "visa",
! "ipcv", "cpnx", "cphb", "wsn", "pvp", "br-sat-mon", "sun-nd", "wb-mon",
! "wb-expak", "iso-ip", "vmtp", "secure-vmtp", "vines", "ttp", "nsfnet-igp",
! "dgp", "tcf", "eigrp", "ospfigp", "sprite-rpc", "larp", "mtp", "ax.25",
! "ipip", "micp", "scc-sp", "etherip", "encap", "pri-enc", "gmtp", "ifmp",
! "pnni", "pim", "aris", "scps", "qnx", "a/n", "ipcomp", "snp", "compaq-peer",
"ipx-n-ip", "vrrp", "pgm", "zero", "l2tp", "ddx", "iatp", "stp", "srp",
! "uti", "smp", "sm", "ptp", "isis", "fire", "crtp", "crudp", "sccopmce",
! "iplt", "sps", "pipe", "sctp", "fc", "rsvp-e2e", "mobility", "udplite",
! "mpls-n-ip",
};
#if defined(__OpenBSD__)
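Review bot: Nothing on the new side ties the number of initializers to `IPPROTOSTR`, so the table and the `138` have to be kept in step by hand: with an explicit array size a missing string leaves a trailing NULL slot rather than a compile error, and an inserted string shifts every later name off its protocol number. The new list does count out to 138 entries (0 `hopopt` through 137 `mpls-n-ip`), so the change itself is consistent. I would add a comment above the array, `/* indexed by IP protocol number; must hold exactly IPPROTOSTR strings; lookups must check proto < IPPROTOSTR */`, because the 8-bit protocol field in a flow record can carry any value up to 255 and the lookup sites are not visible in this hunk. The same hand-counting concern applies to the table that gains `"EXP"` in the next hunk, whose declaration lies outside it.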
***************
*** 183,189 ****
"MSR", "SEC", "ROB", "ROB", "ROB", "ROB",
"ROB", "ROB", "ROB", "ROB", "ROB", "ROB",
"TRC", "DCE", "MHR", "WAY", "IAH", "MRQ",
! "MRP", "DNQ", "DNP", "SKP", "PHO",
};
--- 184,190 ----
"MSR", "SEC", "ROB", "ROB", "ROB", "ROB",
"ROB", "ROB", "ROB", "ROB", "ROB", "ROB",
"TRC", "DCE", "MHR", "WAY", "IAH", "MRQ",
! "MRP", "DNQ", "DNP", "SKP", "PHO", "EXP",
};
--- end of 2.0.6-fixes.1 patches ---
Then with these two ra.conf files one can compare output data with the
following removed from ra2 (because they aren't in ra3 currently):
snet
dnet
tcpext
ra2.conf.full
RA_FIELD_DELIMITER=','
RA_PRINT_HOSTNAMES=protocol
RA_FIELD_SPECIFIER=time trans dur avgdur saddr daddr proto sport dport stos dtos sttl dttl bytes pkts load loss rate srcid ind mac dir jitter status user win seq mpls vlan ipid
RA_PRINT_UNIX_TIME=yes
RA_USEC_PRECISION=6
RA_PRINT_LABELS=0
--- end of conf file ---
ra3.conf.full
RA_PRINT_LABELS=0
RA_FIELD_DELIMITER=','
RA_FIELD_SPECIFIER=startime lasttime trans dur avgdur saddr daddr proto sport dport stos dtos sttl dttl sbytes dbytes spkts dpkts sload dload sloss dloss srate drate srcid ind mac dir sjit djit status suser duser win seq smplsi dmpls vlan ipid
RA_PRINT_HOSTNAMES=no
RA_TIME_FORMAT="%s"
RA_PRINT_DURATION=no
RA_PRINT_LASTIME=yes
--- end of conf file ---
Which produces this (where ra is the 2.0.6-fixes.1+patches ra):
ra -F ra2.conf.full -r t.argus
StartTime,LastTime,Trans,Dur,AvgDur,SrcAddr,DstAddr,Type,Sport,Dport,SrcTOS,DstTOS,SrcTTL,DstTTL,SrcBytes,DstBytes,SrcPkt,DstPkt,Src_bps,Dst_bps,Src_Loss,Dst_Loss,Src_pps,Dst_pps,ProbeId,Flgs,SrcMacAddr,DstMacAddr,Dir,SrcJitter,DstJitter,State,srcUdata,dstUdata,SrcWin,DstWin,Seq,sMPLS,dMPLS,sVLAN,dVLAN,IpId
1132974665.005254,1132974683.159241,,18.153987,18.153987,229.97.122.203,1,man,v2.0,0,0,0,0,0,0,0,0,0,-0.00,-0.00,,0.00,0.00,3848370891,,,,,0.000,0.000,STA,,,,,0,,,,,
1149490800.390902,1149490800.392313,1,0.001411,0.001411,206.127.21.254,142.58.207.207,udp,65442,123,0,16,46,61,90,90,1,1,510276.40,510276.40,0.0000,0.0000,0.00,0.00,3848370891,,0:90:69:c0:e0:1f,0:e0:63:13:7e:0,<->,0.000,0.000,CON,,,,,1307546097,,,,,0xbc5f
and this (where ra3 is the argus-clients-3.0.0.rc.8 with the attached
patch):
ra3 -F ra3.conf.full -r t.argus
ra3[24621]: 11:32:05.740364, usage: number of -s options exceeds 38
which is problem one (our option list doesn't have enough range for all the
options :-)).
so clip the last two (vlan and ipid) to get under 38 (indicating we need at
least 40 as the limit and probably more because there are unused options still)
which gives:
%ra3 -F ra3.conf.full -n -r t.argus
StartTime,LastTime,Trans,Dur,AvgDur,SrcAddr,DstAddr,Proto,Sport,Dport,sTos,dTos,sTtl,dTtl,SrcBytes,DstBytes,SrcPkts,DstPkts,Src_pps,Dst_pps,SrcLoss,DstLoss,Src_bps,Dst_bps,SrcId,SrcMac,DstMac,Dir,SrcJitter,DstJitter,srcUdata,dstUdata,SrcWin,DstWin,Seq,sMpls[0],dMpls[0]
1149490800.390902,1149490800.392313,1,0.001411,0.001411,206.127.21.254,142.58.207.207,udp,65442,123, , , , ,90,90,1,1,708.717,708.717,0,0,510276.375,510276.375,229.97.122.203,0:90:69:c0:e0:1f,0:e0:63:13:7e:0,<->,,,,, , ,1307546097 , ,
and indicates a few holes (the first line of the ra2 output is a man record that
ra3 doesn't output, so we are comparing line 2 in ra2 to line 1 in ra3).
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada