argus-clients-3.0.0.rc.11

carter at qosient.com
Sat Jun 24 10:26:13 EDT 2006


Hey Peter,
I would like to remove any field that generates two-column output, since you can't sort/filter on two field values.  I can remove the keyword or assign it to one or the other field.

So, for srcnet?  How does that work for IPv6 addresses?  That's why I took it out.  So when I generalized it, I couldn't make it work.

Carter



Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax  

-----Original Message-----
From: Peter Van Epp <vanepp at sfu.ca>
Date: Fri, 23 Jun 2006 21:43:01 
To: argus-info at lists.andrew.cmu.edu
Subject: Re: [ARGUS] argus-clients-3.0.0.rc.11

	Here is the start of a patch against argus-clients-3.0.0.rc.11 to 
correct the first few printing problems (there are still a number present that
I haven't gotten to yet). Time printing was mostly broken (time didn't work at
all, and startime added an extra separator from the conf file). I've run 
through the entire print set one at a time in the conf file and noted problems.
There doesn't appear to be any code in ArgusPrintSrcNet or ArgusPrintDstNet
so nets don't print :-).  vlan, vid and vpri all fail to add a separator 
character for the second field (all work in the svlan dvlan mode though). The
ra man page needs some more work too :-).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

*** common/argus_util.c.orig	Fri Jun 23 14:47:38 2006
--- common/argus_util.c	Fri Jun 23 21:30:34 2006
***************
*** 1426,1460 ****
  void
  ArgusPrintDate (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus)
  {
-    struct timeval startbuf, lastbuf;
-    struct timeval *start = NULL, *last = NULL;
-  
-    if (argus->hdr.type & ARGUS_MAR) {
-       struct ArgusRecord *rec = (struct ArgusRecord *) &argus->canon;
  
!       start = &startbuf;
!       start->tv_sec  = rec->argus_mar.startime.tv_sec;
!       start->tv_usec = rec->argus_mar.startime.tv_sec;
!  
!       last  = &lastbuf;
!       last->tv_sec  = rec->argus_mar.now.tv_sec;
!       last->tv_usec = rec->argus_mar.now.tv_usec;
! 
!    } else {
!       start = &startbuf;
!       start->tv_sec  = argus->canon.time.src.start.tv_sec;
!       start->tv_usec = argus->canon.time.src.start.tv_usec;
!  
!       last  = &lastbuf;
!       last->tv_sec  = argus->canon.time.src.end.tv_sec;
!       last->tv_usec = argus->canon.time.src.end.tv_usec;
!    }
!  
!    if (parser->RaPrintStartTime && start)
!       ArgusPrintTime(parser, buf, start);
!  
!    if (parser->RaPrintLastTime && last)
!       ArgusPrintTime(parser, buf, last);
  
  #ifdef ARGUSDEBUG
     ArgusDebug (10, "ArgusPrintDate (0x%x, 0x%x)", buf, argus);
--- 1426,1434 ----
  void
  ArgusPrintDate (struct ArgusParserStruct *parser, char *buf, struct ArgusRecordStruct *argus)
  {
  
!     ArgusPrintStartDate (parser, buf, argus);
!     ArgusPrintLastDate (parser, buf, argus);
  
  #ifdef ARGUSDEBUG
     ArgusDebug (10, "ArgusPrintDate (0x%x, 0x%x)", buf, argus);
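
Review bot: in the replacement body of ArgusPrintDate, ArgusPrintStartDate and ArgusPrintLastDate are both called unconditionally, whereas the removed code printed each time only when parser->RaPrintStartTime or parser->RaPrintLastTime was set. If those flags are not tested inside the two helpers (not visible in this hunk), the set of columns printed changes; either keep the guards around the two calls or say in the patch description that the helpers apply them. The removed line `start->tv_usec = rec->argus_mar.startime.tv_sec;` copied seconds into the microseconds field for ARGUS_MAR records, so it is worth confirming that ArgusPrintStartDate reads tv_usec on that path. The two new lines are also indented four spaces where the rest of the function uses three.
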
***************
*** 7121,7126 ****
--- 7095,7101 ----
  ArgusPrintDateLabel (struct ArgusParserStruct *parser, char *buf)
  {
     ArgusPrintStartDateLabel (parser, buf);
+    ArgusPrintLastDateLabel (parser, buf);
  }
  
  void
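
Review bot: ArgusPrintDateLabel now writes two labels into buf back to back, and nothing in this hunk shows a delimiter being placed between them; confirm that ArgusPrintStartDateLabel ends with the field separator, otherwise the header will run the two column names together in the same way the message reports for vlan, vid and vpri. The label must also stay in step with ArgusPrintDate: if the data side ever prints only one of the two times, this header will be misaligned with it.
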
***************
*** 10046,10059 ****
     }
  
     len = strlen(buf);
- 
-    if ((parser->RaFieldDelimiter != ' ') && (parser->RaFieldDelimiter != '\0')) {
-       buf[len] = parser->RaFieldDelimiter;
-       buf[len + 1] = '\0';
-    } else {
-       buf[len] = ' ';
-       buf[len + 1] = '\0';
-    }
  }
  
  
--- 10021,10026 ----
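
Review bot: once the delimiter block is removed, `len = strlen(buf);` is left as the last statement before the closing brace and its result is not used in the lines shown; drop that assignment as well (and the `len` declaration if nothing earlier in the function needs it). The hunk does not show which function this is, so a line in the patch description naming the printer that was adding the extra separator would make the change easier to check.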


