-ltime seems to not work
Peter Van Epp
vanepp at sfu.ca
Mon Sep 25 15:52:07 EDT 2006
On Mon, Sep 25, 2006 at 01:56:48PM -0500, Karl Tatgenhorst wrote:
>
>
> If I do ra -s +suser:128 -ltime -r argus-file
>
> I get the following:
>
> ra[18712]: 13:54:30.073772 time syntax error ime
> ra[18712]: 13:54:30.473741 +suser:128 - filter syntax error
>
>
> Any ideas?
>
> Karl
>
Hmmm, which argus are you using? On rc.29 (with an argus 3.0 input
file) I get:
%ra3 -s +suser:128 -ltime -r rudata1.3.argus
ra3[67733]: 12:53:34.154885 time syntax error ime
which is because there is no -l option. If you want to supress ltime
you need to remove the blanks (although ltime is supressed by default unless
you have it on in the .rc file):
%ra3 -s +suser:128-ltime -r rudata1.3.argus
11:21:34.224639 v tcp 142.58.160.80.26635 <?> 142.55.229.29.1069 27 26 2448 1664 CON s[4]=":/.."
although there does seem to be a bug here (in that suser disappears if
I remove the length field):
%ra3 -s +suser-ltime -r rudata1.3.argus
11:21:34.224639 v tcp 142.58.160.80.26635 <?> 142.55.229.29.1069 27 26 2448 1664 CON
%ra3 -s +suser -r rudata1.3.argus
11:21:34.224639 v tcp 142.58.160.80.26635 <?> 142.55.229.29.1069 27 26 2448 1664 CON s[4]=":/.."
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
More information about the argus
mailing list