ArgusBug ratop : unable to change filter ('f' command)

Carter Bullard carter at qosient.com
Tue Feb 13 23:46:06 EST 2007 

Hey Stephane,
Two things, yes there is a bug in the filter, but it may not be working
as you think .........  Thanks for the report,, I have fixed it, so wait
until rc.40 to test drive the suggestions below, and I apologize if
I am going over understood concepts.

You specified an input filter, and so for it to have an effect, you
need to re-read the data so the filter can be applied to the data.
After setting up the filter, type 'r' .  The "Read files(s): " prompt  
should
come up with the file you've already read.  Just type carriage
return, and ratop() will discard its internal buffers and re-read the  
file.
Now if there wasn't a bug, it would filter out records, but with the bug
it will act as if there you had not entered a filter.

There are three types of filters in ratop(), the first is a remote  
filter, which
will be transmitted to a remote argus source, thus limiting the amount
of traffic on the wire.  The second is a local input filter.  You  
would use
this type of filter if the remote does not support the type of filter  
you want
to use.  This is a compatibility feature.  The third, which is the  
filter you
are looking for I suspect, is a display filter, which will control what
records are displayed, without affecting the internal buffers of ratop 
().

You differentiate the filter types using the keywords "remote", "local"
and "display".   Without a keyword, you get "remote", and the remote
filter is sent, if there is an argus server to send it to, and it is  
used as
an input filter for ratop().

So ... try this:

    ratop -r file

This causes ratop() to process the file without any type of input  
filtering.
Once the data is done, then in ratop(), call up the "Specify filter:  
" prompt
by typing:

   f

and then at the prompt type:

    display tcp and dst port 80

and then carriage return, and you should see the display only list
the http traffic.  To get rid of the display filter, type:

    'f'

and just back over the filter, leaving the 'display', and then hit  
carriage
return, the filter will be discarded.

you can have all three types of filters active at the same time,, and  
ratop()
will display each of the them on the command line.  To get rid of a  
specific
one, just type the keyword after calling up the "Specify filter: "  
prompt, and
carriage return and the filter will be discarded.

Hope this is helpful,

Carter



On Feb 13, 2007, at 7:34 PM, Stéphane Peters wrote:

> >Description:
>        On ratop, the 'f' command, that permits to change the filter,
>        has no effect except displaying "Specify filter:   
> <anyfilter> filter accepted"
>        at the bottom of the screen, without applying it.
>
>        The same filter given on the command line is working as  
> expected.
>
> >How-To-Repeat:
>        launch ratop on some data
>        type f followed by any filter
>
> >Fix:
>        not known
>
> >Originator:    ARGUS
> >Argus support: none
> >Release:       argus-3.0
> >Product:       ratop
> >Synopsis:      unable to change filter ('f' command)
> >Class:         sw-bug
> >Severity:      non-critical
> >Priority:      low
>
> >Environment:   <machine, os, target, libraries (multiple lines)>
>
> System:  Linux argus-fedora.forem.be 2.6.5-1.358 #1 Sat May 8  
> 09:04:50 EDT 2004 i686 i686 i386 GNU/Linux
> Arch:    i686
>
> Paths:    /export/home/argus/argus-clients-3.0.0.rc.39/bin/ra /usr/ 
> bin/make /usr/bin/gmake /usr/bin/gcc /usr/bin/cc
>
>
> RA:      Ra Version 3.0.0.rc.39
>
>
> GCC:     Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/ 
> 3.3.3/specs
> Configured with: ../configure --prefix=/usr --mandir=/usr/share/man  
> --infodir=/usr/share/info --enable-shared --enable-threads=posix -- 
> disable-checking --disable-libunwind-exceptions --with-system-zlib  
> --enable-__cxa_atexit --host=i386-redhat-linux
> Thread model: posix
> gcc version 3.3.3 20040412 (Red Hat Linux 3.3.3-7)
>
> LIBC:
> lrwxrwxrwx  1 root root 13 Jun  9  2004 /lib/libc.so.6 ->  
> libc-2.3.3.so
> -rwxr-xr-x  1 root root 1443920 May 11  2004 /lib/libc-2.3.3.so
> -rw-r--r--  1 root root 2308174 May 11  2004 /usr/lib/libc.a
> -rw-r--r--  1 root root 204 May 11  2004 /usr/lib/libc.so
> lrwxrwxrwx  1 root root 10 Jun  9  2004 /usr/lib/libc-client.a -> c- 
> client.a
> lrwxrwxrwx  1 root root 16 Jun  9  2004 /usr/lib/libc-client.so ->  
> libc-client.so.0
> -rwxr-xr-x  1 root root 763688 Apr  7  2004 /usr/lib/libc-client.so.0
>
>

More information about the argus mailing list