new code on the server

Carter Bullard carter at qosient.com
Wed May 9 18:29:18 EDT 2007


Gentle people,
New code on the server for testing.  The only change to argus-3.0.0
is an update for the client filter compiler, so that it will have the
additions that we have made to the client compiler functions
("encaps [gre | ether | mpls | ...]" and
"[src | dst] appbytes [gt | lt | eq] value")
and some man page additions to clarify the switches and command
line options that are available, and basic argus.conf defaults.  No
change in functionality.

Argus cygwin support does not look good, as there are reports of
a segmentation fault on some machines in the routine
"init_display_handler()".  This looks to be a stack problem,
and so we probably will not have cygwin support for argus,
in the release.  The clients look fine for cygwin.

For the clients, there are a number of modifications based on
requests from the list; all of those requests were supported (filter
for appbytes, netflow srcid mods when reading from multiple
netflow sources at once, cygwin support).

ratop() has been restructured to look more like 'vi', so that we can
add more features in an intelligent way.  I added regular expression
searching through the ratop() buffer, standard vi navigation, and
added the use of the ':' character to enter command mode.   To add
all of this, I had to invent the "/" mode, and ":" modes, so we could
have enough single characters to do navigation and to also get
stuff done.   The next step of course is to add a manpage, and
I still need to update the "help" screen, so I'm sorry for the lack
of documentation.

When you first run ratop, on either a file or a live stream, you are
in navigation mode, just like vi.  From here you can use the standard
"h,j,k,l" characters, we support "b,w" to move forward and backward
words, and "^,$" to go to the beginning and end of a line, and to go
to a specific line, try ":linenum", just like vi.

Where we had single character 'hotkeys' for editing the flow model
or fields specific, these are now ":" commands.  Type ":" and the single
character, and then it will work as it did before.  When strings come up
that you can edit, ratop() now supports readline() functions and has a
history for searching and many other nice features, so hopefully it is
more useful.  All of these functions are available even when ratop() is
working with a data stream, so it's a pretty cool set of new features.

Thanks for all the support, and please keep those email/cards coming.

    ftp://qosient.com/dev/argus-3.0

Carter



