Ra isn't printing the records - clients-3.0.0.rc.65
Peter Van Epp
vanepp at sfu.ca
Mon Dec 17 15:51:08 EST 2007
On Sun, Dec 16, 2007 at 09:20:32PM -0400, Pablo.Rebollo at ece.uprm.edu wrote:
> Carter,
>
> I'm unable to print argus records with ra (clients-3.0.0.rc.65). It
> showed empty new lines. I don't have this problem with rc.63.
>
> ra -n -r argus.file
>
> Clients (rc.65) doesn't compile without .threads due to several errors.
> I'm testing Argus with Ubuntu 7.10 (i386).
>
> Best regards,
>
> Pablo J. Rebollo

Why is fairly easy: if there isn't a -s option then RaPrintAlgorithmList
doesn't get populated and nothing prints. Figuring out where it should be
initialized is a bit harder (in parser initialization I expect), but in the
meantime there is a workaround:

    ra -r test.argus -s stime flgs proto saddr sport dir daddr dport pkts bytes state -n

will give you approximately normal ra output (maybe exactly if I remembered all
the fields correctly :-)) from the rc.65 code.

Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada