rc.37 filter broken?
Peter Van Epp
vanepp at sfu.ca
Sat Feb 3 18:02:41 EST 2007
On Sat, Feb 03, 2007 at 01:48:15AM +0000, carter at qosient.com wrote:
> Hey Peter!!
> I'll take a look at this over the weekend!!
> Could you send me the output of ra() with the -b option, usinf your filter?
>
> Thanks!!
>
> Carter
>
>
> Carter Bullard
> QoSient LLC
> 150 E. 57th Street Suite 12D
> New York, New York 10022
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax
>
> -----Original Message-----
> From: Peter Van Epp <vanepp at sfu.ca>
> Date: Thu, 1 Feb 2007 09:11:11
> To:argus-info at lists.andrew.cmu.edu
> Subject: [ARGUS] rc.37 filter broken?
>
> This filter works as expected on 2.0.6:
>
> ra -r /usr/local/argus/com_argus.archive/2007/02/01/* -nn host 209.190.24.98 and not host 142.58.195.106
>
> But doesn't seem to on rc.37 (I haven't upgraded yet):
>
> /usr/local/bin/ra3 -r /archive/argus3/com_argus.archive/2007/001/* -n -- host 209.190.24.98 and not host 142.58.197.106
> 23:59:58.461746 tcp 209.190.24.98.12969 -> 142.58.195.106.80 3 2 1404 120 CON
> 00:00:03.212768 tcp 209.190.24.98.12553 -> 142.58.195.106.80 3 4 180 2644 FIN
>
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
Turns out no need, operator error. As I was gathering the -b output I
noticed the second command line has 142.58.197.106 instead of 142.58.195.106
as it should have (and which works correctly). I should have been more
suspicious when something so common appeared to be broken :-).
There are a few warnings on rc.39 on Mac OS and Linux although they
don't appear to be affecting operation:
argus-3.0.0.rc.39.tar on Mac OS 10.4
gcc -O3 -I. -I/usr/include -I./../include -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_VFPRINTF=1 -DHAVE_STRCASECMP=1 -DHAVE_STRLCAT=1 -DHAVE_STRLCPY=1 -DHAVE_STRDUP=1 -DHAVE_STRFTIME=1 -DHAVE_SETLINEBUF=1 -DHAVE_ALARM=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_VSNPRINTF=1 -DHAVE_SNPRINTF=1 -DHAVE_ETHER_HOSTTON=1 -DHAVE_STRUCT_ETHER_ADDR=1 -DHAVE_DECL_ETHER_HOSTTON=0 -DHAVE_TCP_WRAPPER=1 -DHAVE_SYS_SOCKIO_H=1 -DHAVE_STRING_H=1 -DHAVE_FCNTL_H=1 -DHAVE_SYS_FILE_H=1 -DHAVE_SYSLOG_H=1 -DSTDC_HEADERS=1 -DARGUS_SYSLOG=1 -o ../bin/argus argus.o ArgusModeler.o ArgusSource.o ArgusUtil.o ArgusOutput.o ArgusUdp.o ArgusTcp.o ArgusIcmp.o ArgusIgmp.o ArgusEsp.o ArgusArp.o ArgusFrag.o ArgusAuth.o ArgusApp.o -lpcap -lwrap ../lib/argus_common.a -lm
/usr/bin/ld: warning multiple definitions of symbol _allow_severity
ArgusOutput.o definition of _allow_severity in section (__DATA,__data)
/usr/lib/gcc/powerpc-apple-darwin8/4.0.1/../../../libwrap.dylib(tcpd.o) definition of _allow_severity
/usr/bin/ld: warning multiple definitions of symbol _main
argus.o definition of _main in section (__TEXT,__text)
/usr/lib/gcc/powerpc-apple-darwin8/4.0.1/../../../libwrap.dylib(tcpd.o) definition of _main
/usr/bin/ld: warning multiple definitions of symbol _deny_severity
ArgusOutput.o definition of _deny_severity in section (__DATA,__data)
/usr/lib/gcc/powerpc-apple-darwin8/4.0.1/../../../libwrap.dylib(tcpd.o) definition of _deny_severity
### Done with /usr/local/src/argus-3.0.0.rc.39/argus
clients:
making in ./radium
gcc -O3 -I. -I../include -I../common -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_VFPRINTF=1 -DHAVE_STRCASECMP=1 -DHAVE_STRLCAT=1 -DHAVE_STRLCPY=1 -DHAVE_STRDUP=1 -DHAVE_STRFTIME=1 -DHAVE_SETLINEBUF=1 -DHAVE_ALARM=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_INTTYPES_H=1 -DARGUS_THREADS=1 -DHAVE_TCP_WRAPPER=1 -DHAVE_SYS_SOCKIO_H=1 -DHAVE_STRING_H=1 -DHAVE_FCNTL_H=1 -DHAVE_SYS_FILE_H=1 -DHAVE_SYSLOG_H=1 -DHAVE_ETHER_HOSTTON=1 -DHAVE_STRERROR=1 -DHAVE_STRTOF=1 -DARGUS_CURSES=1 -DHAVE_DARWIN=1 -DSTDC_HEADERS=1 -c ./radium.c
gcc -O3 -o radium radium.o ../lib/argus_parse.a ../lib/argus_common.a ../lib/argus_client.a -lwrap
/usr/bin/ld: warning multiple definitions of symbol _allow_severity
radium.o definition of _allow_severity in section (__DATA,__data)
/usr/lib/gcc/powerpc-apple-darwin8/4.0.1/../../../libwrap.dylib(tcpd.o) definition of _allow_severity
/usr/bin/ld: warning multiple definitions of symbol _main
../lib/argus_parse.a(argus_main.o) definition of _main in section (__TEXT,__text)
/usr/lib/gcc/powerpc-apple-darwin8/4.0.1/../../../libwrap.dylib(tcpd.o) definition of _main
/usr/bin/ld: warning multiple definitions of symbol _deny_severity
radium.o definition of _deny_severity in section (__DATA,__data)
/usr/lib/gcc/powerpc-apple-darwin8/4.0.1/../../../libwrap.dylib(tcpd.o) definition of _deny_severity
SUSE 10.2 on IBM P510 PowerPC
clients:
gcc -O3 -pthread -I. -I../include -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_VFPRINTF=1 -DHAVE_STRCASECMP=1 -DHAVE_STRDUP=1 -DHAVE_STRFTIME=1 -DHAVE_SETLINEBUF=1 -DHAVE_ALARM=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_SYS_BITYPES_H=1 -DHAVE_INTTYPES_H=1 -D_FILE_OFFSET_BITS=64 -DARGUS_THREADS=1 -DHAVE_TCP_WRAPPER=1 -DHAVE_STRING_H=1 -DHAVE_FCNTL_H=1 -DHAVE_SYS_FILE_H=1 -DHAVE_SYSLOG_H=1 -DHAVE_ETHER_HOSTTON=1 -DHAVE_STRERROR=1 -DHAVE_STRTOF=1 -DARGUS_CURSES=1 -DSTDC_HEADERS=1 -DARGUS_SYSLOG -c ./argus_main.c
./argus_main.c: In function b��mainb��:
./argus_main.c:282: warning: comparison between pointer and integer
rm -f ../lib/argus_parse.a; ar qc ../lib/argus_parse.a argus_main.o
argus:
clean
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
More information about the argus
mailing list