Oddness in rc41
Carter Bullard
carter at qosient.com
Tue Mar 13 18:40:48 EDT 2007
So when the RA_CISCONETFLOW_PORT is set, the ra* program
is expecting Cisco Netflow records, so when it starts reading, and
it gets argus records instead, it exits.
This seems like the correct behavior. I'll put in an error message.
Best not to set this in your ~/.rarc file, unless you are really reading
Netflow records.
Carter
On Mar 13, 2007, at 6:19 PM, Mike Iglesias wrote:
> Carter Bullard wrote:
>> Hmmm, you're going to have to be a bit more detailed if you have a
>> problem.
>> Maybe uploading the argus.out file would be useful, if there
>> actually is a
>> problem?
>
> You're right, that was not very well written. What I meant to say
> at the end
> is that given those conditions, ra generated no output. If I
> removed the
> .rarc file, it generates output from the argus.out file.
>
> So my question is, does the RA_CISCONETFLOW_PORT in ~/.rarc cause
> the -r to be
> overridden so no output is generated?
>
>
> --
> Mike Iglesias
> UCI Network Security Team Email: security at uci.edu
> University of California, Irvine phone: 949-824-6926
> Network & Academic Computing Services FAX: 949-824-2069
>
>
>
More information about the argus
mailing list