No user data field in rc 29
Peter Van Epp
vanepp at sfu.ca
Fri Sep 22 11:29:48 EDT 2006
On Fri, Sep 22, 2006 at 10:08:47AM -0500, Karl Tatgenhorst wrote:
> Hi,
>
> I am using argus rc 29 now on our network and having a strange
> issue. I first got everything working with no special options, that went
> well. Then I added to the argus server "-U 128" to preserve 128 bytes of
> user space in the record. That ran without a hitch. Then I set the
> clients to "ra -S argus-north:561 -s +user:128
> -w /var/log/argus/processed/north/tmp.argus_north"
>
> There is no difference in the output. I am not catching any user data.
>
>
> Any thoughts? Feel free to ask for any more info that you need.
>
> Thank you,
>
> Karl Tatgenhorst
> Network Security Officer
> University of Chicago
> 773-702-3956
>
For sorting reasons most of the combined print fields are gone (it
breaks sorting or probably makes sorting too complex).
Try -s +suser +duser. I know that works, and indeed some recent ra man page
(probably not as late as rc.29 though) indicates suser and duser are the only
two left :-).
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
More information about the argus mailing list