Ra isn't printing the records - clients-3.0.0.rc.65
Carter Bullard
carter at qosient.com
Tue Dec 18 10:27:27 EST 2007
Hey Peter,
I moved the printing algorithm list to the ArgusParser struct,
rather than having a single global printing list, so we could have
multiple printings of the same column with variations. I need this
if we're going to support things like:
-w data/$srcid/$saddr[0]/$saddr[1]/$saddr[2]/$saddr[3]/data.out
so you can use the address hierarchy for sorting etc ...
I'll fix this problem, but if you have a .rarc that defines the print
fields,
it shouldn't be a problem ?
Carter
On Dec 17, 2007, at 3:51 PM, Peter Van Epp wrote:
> On Sun, Dec 16, 2007 at 09:20:32PM -0400, Pablo.Rebollo at ece.uprm.edu
> wrote:
>> Carter,
>>
>> I'm unable to print argus records with ra (clients-3.0.0.rc.65). It
>> showed empty new lines. I don't have this problem with rc.63.
>>
>> ra -n -r argus.file
>>
>> Clients (rc.65) doesn't compile without .threads due to several
>> errors.
>> I'm testing Argus with Ubuntu 7.10 (i386).
>>
>> Best regards,
>>
>> Pablo J. Rebollo
>
> Why is fairly easy, if there isn't a -s option then
> RaPrintAlgorithmList
> doesn't get populated and nothing prints. Figuring out where it
> should be
> initialized is a bit harder (in parser initialization I expect), but
> in the
> meantime there is a workaround:
>
> ra -r test.argus -s stime flgs proto saddr sport dir daddr dport
> pkts bytes state -n
>
> will give you aproximately normal ra output (maybe exactly if I
> remembered all
> the fields correctly :-)) from the rc.65 code.
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
More information about the argus
mailing list