argus-clients-3.0.0.rc.11

Carter Bullard carter at qosient.com
Mon Jun 26 11:53:25 EDT 2006 

Hey Peter,
    Ok, I have completely changed the implementation for the printing
keywords, when I removed the unused keywords, and as a result, I
have added just one last complication.

     I have changed the keyword for printing the start time from  
'startime'
to 'stime' and the last time 'lasttime' to 'ltime'.   It was causing  
all sorts
of problems for people since I didn't have 2 t's in startime.

    Hopefully this will be a bit better.  I've fixed the separators,  
etc..., and
I've updated all the man pages, and support Config files.
I have included ra.print.all.conf, which has all the legal fields.

Hope this isn't toooooo much of an inconvenience.

Carter



On Jun 25, 2006, at 11:27 PM, Peter Van Epp wrote:

> 	Have't had any time to poke further this weekend but I can arrange to
> whack anything with 2 field output by NULLing the print and label  
> generation
> calls in argus_util.h and fix up the ra man page (which still lists  
> a bunch of
> the two output fields). The IPV6 question is what stopped me from  
> porting the
> 2.0.6 code in to 3.0, I wondered if there was a solution to that  
> one and it
> sounds like there isn't :-) so we can whack that one too I expect :-).
> 	With the patch to remove the extra field delimiter from starttime I
> have a set of config files which give the same fields from ra2 and  
> ra3 in to
> a perl script so it should be possible to automate testing of 2.0.6  
> files read
> by both versions.
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
> On Sat, Jun 24, 2006 at 02:26:13PM +0000, carter at qosient.com wrote:
>> Hey Peter,
>> I would like to remove any field that generates two column output,  
>> since you can't sort/filter on two field values.  I can remove the  
>> keyword or assign it to one or the other fields.
>>
>> So, for srcnet?  How does that work for IPv6 addresses?  That's  
>> why I took it out.  So when I generalized it, I couldn't make it  
>> work.
>>
>> Carter
>>
>>
>>
>> Carter Bullard
>> QoSient LLC
>> 150 E. 57th Street Suite 12D
>> New York, New York 10022
>> +1 212 588-9133 Phone
>> +1 212 588-9134 Fax
>>
>> -----Original Message-----
>> From: Peter Van Epp <vanepp at sfu.ca>
>> Date: Fri, 23 Jun 2006 21:43:01
>> To:argus-info at lists.andrew.cmu.edu
>> Subject: Re: [ARGUS] argus-clients-3.0.0.rc.11
>>
>> 	Here is the start of a patch against argus-clients-3.0.0.rc.11 to
>> correct the first few printing problems (there are still a number  
>> present that
>> I haven't gotten to yet). Time printing was mostly broken (time  
>> didn't work at
>> all, and startime added an extra separator from the conf file).  
>> I've run
>> through the entire print set one at a time in the conf file and  
>> noted problems.
>> There doesn't appear to be any code in ArgusPrintSrcNet or  
>> ArgusPrintDstNet
>> so nets don't print :-).  vlan vid and vpri all fail to add a  
>> separator
>> character for the second field (all work in the svlan dvlan mode  
>> though). The
>> ra man page needs some more work too :-).
>>
>> Peter Van Epp / Operations and Technical Support
>> Simon Fraser University, Burnaby, B.C. Canada
>>
>> *** common/argus_util.c.orig	Fri Jun 23 14:47:38 2006
>> --- common/argus_util.c	Fri Jun 23 21:30:34 2006
>> ***************
>> *** 1426,1460 ****
>>   void
>>   ArgusPrintDate (struct ArgusParserStruct *parser, char *buf,  
>> struct ArgusRecordStruct *argus)
>>   {
>> -    struct timeval startbuf, lastbuf;
>> -    struct timeval *start = NULL, *last = NULL;
>> -
>> -    if (argus->hdr.type & ARGUS_MAR) {
>> -       struct ArgusRecord *rec = (struct ArgusRecord *) &argus- 
>> >canon;
>>
>> !       start = &startbuf;
>> !       start->tv_sec  = rec->argus_mar.startime.tv_sec;
>> !       start->tv_usec = rec->argus_mar.startime.tv_sec;
>> !
>> !       last  = &lastbuf;
>> !       last->tv_sec  = rec->argus_mar.now.tv_sec;
>> !       last->tv_usec = rec->argus_mar.now.tv_usec;
>> !
>> !    } else {
>> !       start = &startbuf;
>> !       start->tv_sec  = argus->canon.time.src.start.tv_sec;
>> !       start->tv_usec = argus->canon.time.src.start.tv_usec;
>> !
>> !       last  = &lastbuf;
>> !       last->tv_sec  = argus->canon.time.src.end.tv_sec;
>> !       last->tv_usec = argus->canon.time.src.end.tv_usec;
>> !    }
>> !
>> !    if (parser->RaPrintStartTime && start)
>> !       ArgusPrintTime(parser, buf, start);
>> !
>> !    if (parser->RaPrintLastTime && last)
>> !       ArgusPrintTime(parser, buf, last);
>>
>>   #ifdef ARGUSDEBUG
>>      ArgusDebug (10, "ArgusPrintDate (0x%x, 0x%x)", buf, argus);
>> --- 1426,1434 ----
>>   void
>>   ArgusPrintDate (struct ArgusParserStruct *parser, char *buf,  
>> struct ArgusRecordStruct *argus)
>>   {
>>
>> !     ArgusPrintStartDate (parser, buf, argus);
>> !     ArgusPrintLastDate (parser, buf, argus);
>>
>>   #ifdef ARGUSDEBUG
>>      ArgusDebug (10, "ArgusPrintDate (0x%x, 0x%x)", buf, argus);
>> ***************
>> *** 7121,7126 ****
>> --- 7095,7101 ----
>>   ArgusPrintDateLabel (struct ArgusParserStruct *parser, char *buf)
>>   {
>>      ArgusPrintStartDateLabel (parser, buf);
>> +    ArgusPrintLastDateLabel (parser, buf);
>>   }
>>
>>   void
>> ***************
>> *** 10046,10059 ****
>>      }
>>
>>      len = strlen(buf);
>> -
>> -    if ((parser->RaFieldDelimiter != ' ') && (parser- 
>> >RaFieldDelimiter != '\0')) {
>> -       buf[len] = parser->RaFieldDelimiter;
>> -       buf[len + 1] = '\0';
>> -    } else {
>> -       buf[len] = ' ';
>> -       buf[len + 1] = '\0';
>> -    }
>>   }
>>
>>
>> --- 10021,10026 ----
>>
>

More information about the argus mailing list