racount and other commands won't run under argus-clients-3.0.0.rc.68
Mathew Brown
mathewbrown at fastmail.fm
Mon Jan 28 12:06:28 EST 2008
Thanks Carter. Removing the /etc/ra.conf fixed the issue. But why does
racount look at the old file if it does not use it? Would this be
considered a bug? Thanks.
On Mon, 28 Jan 2008 01:41:19 -0500, "Carter Bullard"
<carter at qosient.com> said:
> The ra.conf is a carry over from argus-2.x. You should remove it or replace
> it with a rarc file in ./support/Config. And you should have a .rarc file in
> your home directory.
>
> Carter
>
> On Jan 27, 2008, at 1:52 PM, Mathew Brown wrote:
>
> > Hi,
> >
> > I'm new to Argus and just recently compiled and installed argus and
> > argus-clients on a Debian machine. I'm able to run argus
> > successfully:
> >
> > argus -r capture.cap -w capture.cap.argus
> >
> > works fine. However, when I try to run any of the r-commands such as
> > rahosts or racount, it gives me an error such as the following:
> >
> > racount -ar capture.cap.argus
> > racount[27189]: 20:51:15.185652 /etc/ra.conf: syntax error line 199
> > racount  records  total_pkts  src_pkts  dst_pkts  total_bytes  src_bytes  dst_bytes
> >     sum  0        0           0         0         0            0          0
> >
> > Looking into /etc/ra.conf on line 199, I see the following:
> >
> > RA_PRINT_HOSTNAMES=no
> >
> > Any ideas? Thanks for your help.
> >
> > PS. I'm currently using argus-3.0.0 and argus-clients-3.0.0.rc.68.tar.gz
> > --
> > Mathew Brown
> > mathewbrown at fastmail.fm
> >
> >
> >
--
Mathew Brown
mathewbrown at fastmail.fm