rc.35 - two problems

[Philipp E. Letschert]

My fault!

When option is set, the appbytes show up as expected.

attached is a patch for the argus.conf.5 man page to be in sync with the sample
configuration in ./support/Config/argus.conf

Section "ARGUS_FLOW_TYPE / ARGUS_FLOW_KEY" needs review.


I will look up the other issues again, and send you some files if appropriate.

Bye, Philipp


On Mon, Nov 20, 2006 at 08:31:02AM -0500, Carter Bullard wrote:
> Hey Philipp,
> With the 3.0 argus records, remember your argus has to be configured  
> to generate
> the appbytes fields (this is data conserving by default).  If you  
> have it configured,
> then thats a problem if they are all zero.  I'll take a look at that,  
> but if you could
> respond that would be very helpful!!!!!!
> 
> Thanks!!!
> 
> Carter
> 
> On Nov 19, 2006, at 3:52 PM, Philipp E. Letschert wrote:
> 
> >Hi,
> >
> >I've noticed two other problems:
> >
> >When reading 3.x files generated by argus (rc.35) with ra (rc.35)  
> >then it looks
> >that some of the records are missed by ra (e.g. racount on a file  
> >gives 2050
> >records, but ra only outputs 1991). I don't know which are the  
> >missed ones,
> >perhaps this are management entries. Some of the 'man' entries have  
> >a starting
> >date of 01-01-70 01:00:00 (probably the first ones that are  
> >generated when argus
> >starts and is appending to the file)
> >
> >appbytes, sappbytes, dappbytes is always zero when reading rc.35  
> >files with
> >ra.rc.35.  When reading 2.0.6 files witch ra.rc.35 [s|d]appbytes  
> >are generated
> >correctly.
> >
> >Bye,
> >Philipp
> >
> >
-------------- next part --------------
A non-text attachment was scrubbed...
Name: argus.conf.5.patch.gz
Type: application/x-gunzip
Size: 2158 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20061120/3882b545/attachment.bin>