stime is zero bug
Robin Gruyters
r.gruyters at yirdis.nl
Mon Jun 25 10:50:41 EDT 2007
Hey Carter,
Back from my holiday and we have this option not set in our
configuration file.
I have checked the dstime and dltime on one of our argus files and I
only get blank lines back. So it looks like that the default argus is
ARGUS_GENERATE_BIDIRECTIONAL_TIMESTAMPS=no
Regards,
Robin Gruyters
Network and Security Engineer
Yirdis B.V.
I: http://yirdis.com
P: +31 (0)36 5300394
F: +31 (0)36 5489119
Quoting carter at qosient.com:
> Hey Wolfgang,
> Should be "no". Easy way to test is to print out fields like dstime
> (dst start time) or dltime (dst last time)? The ra manpage does
> list these printable fields, if I have the names wrong.
>
> Rasplit forgot to test if the starting timestamp was in the dest
> time field, and it however is smart enough to split records in a way
> that just has dst -> src data in it!!
>
> Carter
>
> Carter Bullard
> QoSient LLC
> 150 E. 57th Street Suite 12D
> New York, New York 10022
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax
>
> -----Original Message-----
> From: wob at swobspace.de (Wolfgang Barth)
>
> Date: Sat, 16 Jun 2007 16:46:42
> To:Carter Bullard <carter at qosient.com>
> Cc:argus-info at lists.andrew.cmu.edu
> Subject: Re: [ARGUS] stime is zero bug
>
>
> On Sat, Jun 16, 2007 at 09:34:03AM -0400, Carter Bullard wrote:
>
>> I have fixed the rasplit() "stime is zero" bug, but need a little bit
>> more
>> information to determine if the fix is complete.
>>
>> Are all sites that have experienced this problem, running any argus
>> with the new ARGUS_GENERATE_BIDIRECTIONAL_TIMESTAMPS
>> option set to "yes"?
>
> No, I heared of it the first time. What is the default if not set in the
> config file?
>
> Wolfgang
> --
> <wob (at) swobspace de> * http://www.swobspace.de
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: PGP Digital Signature
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20070625/745ea2c9/attachment.sig>
More information about the argus
mailing list