No ra() output with FBSD 6.2
Carter Bullard
carter at qosient.com
Thu Dec 27 10:15:44 EST 2007
Hey Scott,
This is a known problem, I'll fix it today. Seems that the default
print
list is not being initialized. You should be able to get past it with
a ~/.rarc file that specifies the print fields, or add a field
modification
option on the command line:
ra -s +flgs -nr argus_data
or any additional field that would be useful?
Carter
On Dec 27, 2007, at 8:36 AM, Scott A. McIntyre wrote:
> Hi,
>
> One of my argus boxes was recently "upgraded" from FreeBSD 4.x to
> 6.2. In the process, my argus2 install finally died and I took the
> chance to upgrade this last box to argus3...it's my only FBSD box
> running Argus, so this problem may be unique to me, or not.
>
> argus() itself is logging packets just fine. A "strings" on the
> argus output file shows data I'd expect to see. However, ra() fails
> to generate anything useful, only spewing tens of thousands of what
> appear to be completely *empty* lines.
>
> ra isn't linked to anything weird:
>
> /usr/local/bin/ra:
> libm.so.4 => /lib/libm.so.4 (0x480d4000)
> libreadline.so.6 => /lib/libreadline.so.6 (0x480ea000)
> libncurses.so.6 => /lib/libncurses.so.6 (0x48117000)
> libpthread.so.2 => /lib/libpthread.so.2 (0x48156000)
> libc.so.6 => /lib/libc.so.6 (0x4817b000)
>
> And reports:
>
> Ra Version 3.0.0.rc.65
>
> Yet the very same "ra -n -r argus_data" that works on my linux boxes
> spews nothing but whitespace on this box.
>
> No rarc involved, ktrace looks normal, and even the kdump output
> seems to see the same data that "strings" does..
>
> I must be missing something trivial...ideas?
>
> Thanks,
>
> Scott
>
>
More information about the argus
mailing list