simple query on argus and ra...
Peter Van Epp
vanepp at sfu.ca
Mon Mar 20 17:37:02 EST 2006
On Mon, Mar 20, 2006 at 10:17:53PM +0000, poncenby smythe wrote:
> List,
>
> Apologies in advanced for this simple question.
> This is on openbsd3.8 generic and using argus-2.0.6.fixes.1/argus-
> clients-2.0.6.fixes.1
>
> I do this...
> ./argus -U128 -r mail.pcap -w argus.out
>
> then this...
> ./ra -d 128 -r argus.out -n
>
> but do not see any buffer data.
> mail.pcap has been verified to hold a complete pop3 session.
>
> Am I missing something...
> I happily put myself forward to update the qosient.com/argus website
> so silly people like me don't clog up lists like this.
>
> Thanks in advance
>
> poncenby
I knew there was something else that had bitten me that I meant to add
to the ra man page ... Add -s +user to the ra command as in
./ra -d 128 -r argus.out -n -s +user
to add the user data output field to the printed output (it isn't part of the
field by default).
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
More information about the argus
mailing list