argus metric: srng and erng

[CS Lee]

Hi all,

I'm checking on argus metric now, and figure there are srng and erng in
ra.print.all.conf, when i search in argus server directory -

find ../argus-3.0.0 -type f | xargs egrep -i 'srng|erng'
../argus-3.0.0/include/argus_client.h:   "srng",
../argus-3.0.0/include/argus_client.h:   "erng",

But when i search in argus client directory -

find ../argus-clients-3.0.0.rc.58 -type f | xargs egrep -i 'erng'
../argus-clients-3.0.0.rc.58/support/Config/ra.print.all.conf:RA_FIELD_SPECIFIER=
srcid stime ltime trans flgs dur avgdur stddev mindur maxdur saddr daddr
proto sport dport stos dtos sdsb ddsb sttl dttl sipid dipid pkts spkts dpkts
bytes sbytes dbytes appbytes sappbytes dappbytes sload dload load sloss
dloss loss sploss dploss ploss srate drate rate smac dmac dir sintpkt
dintpkt sintpktact dintpktact sintpktidl dintpktidl sintpktmax sintpktmin
dintpktmax dintpktmin sintpktactmax sintpktactmin dintpktactmax
dintpktactmin sintpktidlmax sintpktidlmin dintpktidlmax dintpktidlmin jit
sjit djit jitact sjitact djitact jitidl sjitidl djitidl state ddur dstime
dltime dspkts ddpkts dsbytes ddbytes pdspkts pddpkts pdsbytes pddbytes suser
duser tcpext swin dwin jdelay ldelay seq bins binnum smpls dmpls svlan dvlan
svid dvid svpri dvpri srng erng stcpb dtcpb tcprtt inode

When I try -
ra -L0 -nr tcpshake.arg -s srng erng
SRange

ra -L0 -nr tcpshake.arg -s srng drng
SRange ERange

After checking on the client source, i think it should be drng but why is it
ERange, it should be DRange

../argus-clients-3.0.0.rc.58/include/argus_util.h:   { "drng", "", 6 , 1,
ArgusPrintDstRange, ArgusPrintDstRangeLabel},

However I don't take a closer look of how I can make use of Source range and
Destination range, maybe hint from Carter?

Thanks ;]

-- 
Best Regards,

CS Lee<geekooL[at]gmail.com>

http://geek00l.blogspot.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20071011/9ef739e1/attachment.html>