racount and other commands won't run under argus-clients-3.0.0.rc.68
Carter Bullard
carter at qosient.com
Mon Jan 28 01:41:19 EST 2008
The ra.conf is a carry over from argus-2.x. You should remove it or
replace
it with a rarc file in ./support/Config. And you should have a .rarc
file in your
home directory.
Carter
On Jan 27, 2008, at 1:52 PM, Mathew Brown wrote:
> Hi,
>
> I'm new to Argus and just recently compiled and installed argus and
> argus-clients on a Debian machine. I'm able to run argus
> successfully:
>
> argus -r capture.cap -w capture.cap.argus
>
> works fine. However, when I try to run any of the r-commands such as
> rahosts or racount, it gives me the following error such as:
>
> racount -ar capture.cap.argus
> racount[27189]: 20:51:15.185652 /etc/ra.conf: syntax error line 199
> racount records total_pkts src_pkts dst_pkts
> total_bytes src_bytes dst_bytes
> sum 0 0 0 0 0
> 0 0
>
> Looking into /etc/ra.conf on line 199, I see the following:
>
> RA_PRINT_HOSTNAMES=no
>
> Any ideas? Thanks for your help.
>
> PS. I'm currently using argus-3.0.0 and
> argus-clients-3.0.0.rc.68.tar.gz
> --
> Mathew Brown
> mathewbrown at fastmail.fm
>
> --
> http://www.fastmail.fm - Accessible with your email software
> or over the web
>
>
More information about the argus
mailing list