racount and other commands won't run under argus-clients-3.0.0.rc.68
Carter Bullard
carter at qosient.com
Mon Jan 28 13:16:16 EST 2008
Oh, /etc/ra.conf is still a valid system-wide ra* configuration file,
it's just the one you had on the machine was old, and had obsolete
variables in the file. The idea is to 'strongly suggest' an upgrade
of their system configuration files when upgrading to argus-3.0.

The configuration strategy for the ra* programs follows this logic:

If you don't provide a "-F ra.conf" option to a ra* program, it will
first open the system-wide /etc/ra.conf file to 'prime' the configuration
pump. It will then look in your $ARGUSHOME/ra.conf file, and then
in the $ARGUSPATH/.rarc files to get all the configuration items it
needs. If there is no $ARGUSPATH, then it will look in ~/.rarc.

Seems kinda complex, but it's really all there for convenience.
The /etc/ra.conf file can provide system specific restrictions, the
personal one can provide user oriented extensions/modifications,
and the $ARGUSPATH allows you to substitute if needed. Many
programs use these types of strategies, like bash().

If you had put a newer ./support/Config/rarc file as /etc/ra.conf, it
would have worked fine.

Carter

On Jan 28, 2008, at 12:06 PM, Mathew Brown wrote:
> Thanks Carter. Removing the /etc/ra.conf fixed the issue. But why does
> racount look at the old file if it does not use it? Would this be
> considered a bug? Thanks.
>
> On Mon, 28 Jan 2008 01:41:19 -0500, "Carter Bullard"
> <carter at qosient.com> said:
>> The ra.conf is a carry over from argus-2.x. You should remove it or
>> replace it with a rarc file in ./support/Config. And you should have
>> a .rarc file in your home directory.
>>
>> Carter
>>
>> On Jan 27, 2008, at 1:52 PM, Mathew Brown wrote:
>>
>>> Hi,
>>>
>>> I'm new to Argus and just recently compiled and installed argus and
>>> argus-clients on a Debian machine. I'm able to run argus successfully:
>>>
>>> argus -r capture.cap -w capture.cap.argus
>>>
>>> works fine. However, when I try to run any of the r-commands such as
>>> rahosts or racount, it gives me the following error such as:
>>>
>>> racount -ar capture.cap.argus
>>> racount[27189]: 20:51:15.185652 /etc/ra.conf: syntax error line 199
>>> racount   records   total_pkts   src_pkts   dst_pkts   total_bytes   src_bytes   dst_bytes
>>> sum       0         0            0          0          0             0           0
>>>
>>> Looking into /etc/ra.conf on line 199, I see the following:
>>>
>>> RA_PRINT_HOSTNAMES=no
>>>
>>> Any ideas? Thanks for your help.
>>>
>>> PS. I'm currently using argus-3.0.0 and
>>> argus-clients-3.0.0.rc.68.tar.gz
>>> --
>>> Mathew Brown
>>> mathewbrown at fastmail.fm
> --
> Mathew Brown
> mathewbrown at fastmail.fm
>
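
The lookup order described in the reply above (for the case where no -F is given), with a check for variables that an installed file sets but a newer reference rarc never mentions. This is an added example, not part of the original thread or of Argus. The function names are hypothetical, treating $ARGUSPATH as a single directory is an assumption, and every variable name in the sample data other than RA_PRINT_HOSTNAMES is constructed.

```shell
#!/bin/sh
# Added example, not Argus code. "Not mentioned in the reference rarc" is used
# here as a proxy for "obsolete"; the real reference file decides what is current.

# Print the config files a ra* client would consult, in order (no -F given).
ra_config_candidates() {
    printf '%s\n' "/etc/ra.conf"
    if [ -n "${ARGUSHOME:-}" ]; then printf '%s\n' "$ARGUSHOME/ra.conf"; fi
    if [ -n "${ARGUSPATH:-}" ]; then
        printf '%s\n' "$ARGUSPATH/.rarc"      # assumption: one directory
    else
        printf '%s\n' "$HOME/.rarc"
    fi
}

# Print "line:NAME" for each variable set in $1 that the reference rarc $2
# never mentions; commented-out "#NAME=value" template lines count as known.
stale_vars() {
    ref_names=$(sed -n 's/^[[:space:]#]*\([A-Z][A-Z0-9_]*\)=.*/\1/p' "$2" | sort -u)
    grep -n '^[[:space:]]*[A-Z][A-Z0-9_]*=' "$1" | while IFS=: read -r lineno rest; do
        name=$(printf '%s' "${rest%%=*}" | tr -d '[:space:]')
        printf '%s\n' "$ref_names" | grep -qx "$name" || printf '%s:%s\n' "$lineno" "$name"
    done
}

# Check every existing candidate against a reference, e.g. ./support/Config/rarc.
check_all() {
    ra_config_candidates | while read -r f; do
        if [ -f "$f" ]; then echo "== $f"; stale_vars "$f" "$1"; fi
    done
}

# Constructed sample files standing in for an old ra.conf and a newer rarc.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# constructed old file' 'RA_CONSTRUCTED_KEPT=yes' \
        'RA_PRINT_HOSTNAMES=no' > "$d/ra.conf"
    printf '%s\n' 'RA_CONSTRUCTED_KEPT=no' '#RA_CONSTRUCTED_OPTIONAL=5' > "$d/rarc"
    stale_vars "$d/ra.conf" "$d/rarc"
    rm -rf "$d"
}

demo
```

On a real system, `check_all ./support/Config/rarc` run from the argus-clients source tree reports, per file in the search order, the line numbers worth reviewing before an upgrade.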