argus-clients: funny command line parsing
Wolfgang Barth
wob at swobspace.de
Thu Sep 20 14:13:25 EDT 2007
Hi,
I've updated my argus-clients to 3.0.0-rc.55. Now my ragraph scripts won't
work anymore. I think the problem is in the command line argument parsing
of all argus client:
1) ra -r argus.log - ip
=> works
2) ra -r argus.log -t 2007/09/20 - ip
error: invalid time range startime_t 1190239200 lasttime_t -1
ra[17563]: 2007-09-20 19:59:47 time syntax error 2007/09/20-ip
It doesn't matter which filter you use, in this case -t eats the following
'-'. But:
3) ra -t 2007/09/20 -r /var/log/argus/argus.log - ip
=> works
If -t 2007/09/20 is followed by another ra-option, -t works as expected.
4) ra -r argus.log -t 2007/09/20.10-11 - ip
=> works
If -t get a from-to specification, the problem disappears. You should
terminate parsing an argument for -t if there is a space, not depended of a
following ra-option.
I don't know why argus uses a self defined, manual coded command line
parsing and not a standard long getopt routine (with -- as terminator to
interpreting command line options).
I prefere a common standard syntax like
ra -s stime,saddr,daddr -r argus.log -- <filter>
or better:
ra --fields=stime,saddr,daddr --input=argus.log --filter='<filter spec>'
instead of
ra -s stime saddr daddr -r argus.log - <filter>
The argus way is much more difficult to parse and harder to debug.
Wolfgang
--
<wob (at) swobspace de> * http://www.swobspace.de
More information about the argus
mailing list