racount
Mathew Brown
mathewbrown at fastmail.fm
Mon Jan 28 14:46:08 EST 2008
Hi CS,
Thanks. However, it seems strange that the -a option was removed, so
you only get a one-line summary and not the details that you could get
from argus v2.x I think the 2.x version of racount provided more
information than the current 3.x version.
On Tue, 29 Jan 2008 01:11:19 +0800, "CS Lee" <geek00l at gmail.com> said:
> Hi Matthew,
>
> There's no -a option, simply use -
>
> racount -r whatever.argus3
>
> This will produce result you need.
>
> Date: Sun, 27 Jan 2008 10:52:59 -0800
> From: "Mathew Brown" <mathewbrown at fastmail.fm>
> Subject: [ARGUS] racount and other commands won't run under
> argus-clients-3.0.0.rc.68
> To: argus-info at lists.andrew.cmu.edu
> Message-ID: <1201459980.14910.1233537409 at webmail.messagingengine.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
>
> I'm new to Argus and just recently compiled and installed argus and
> argus-clients on a Debian machine. I'm able to run argus
> successfully:
>
> argus -r capture.cap -w capture.cap.argus
>
> works fine. However, when I try to run any of the r-commands such as
> rahosts or racount, it gives me the following error such as:
>
> racount -ar capture.cap.argus
> racount[27189]: 20:51:15.185652 /etc/ra.conf: syntax error line 199
> racount records total_pkts src_pkts dst_pkts
> total_bytes src_bytes dst_bytes
> sum 0 0 0 0 0
> 0 0
>
> Looking into /etc/ra.conf on line 199, I see the following:
>
> RA_PRINT_HOSTNAMES=no
>
> Any ideas? Thanks for your help.
>
> PS. I'm currently using argus-3.0.0 and
> argus-clients-3.0.0.rc.68.tar.gz
> --
> Mathew Brown
> mathewbrown at fastmail.fm
>
>
> --
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>
>
> http://geek00l.blogspot.com
--
Mathew Brown
mathewbrown at fastmail.fm
--
http://www.fastmail.fm - Same, same, but different
More information about the argus
mailing list