man records in 3.0
Peter Van Epp
vanepp at sfu.ca
Tue Sep 23 14:26:27 EDT 2008
On Tue, Sep 23, 2008 at 01:51:42PM -0400, Carter Bullard wrote:
> Hey Peter,
> I think the most important thing is to make the changes so the script is
> logical and intelligible. So, if we are having direction problems, we
> really should fix them. Between v2 and v3, I took out the cleverness
> that we had to 'correct' the direction, as it was slightly flawed (scans
> especially), and it hid the "ground truth" of the packets on the wire.
> The direction had been a complex set of conditions in the probe
> and in the client reading the data stream, so the work to clean that
> up should have worked. If not, definitely need to fix it.
> Adding support for printing missing fields is always high on the list.
> Regarding the argusid of the v3 records, printing the 'srcid' of a v3
> man record doesn't print the argusid. Definitely need to fix that.
> OK, so this thread has a number of changes to consider, could you
> give me a brief list of what you need to get the ball rolling? I've
> got print initial mar record with the version string in the 'dir' field
> as the #1. Anything next?
The version number in the man records does it for me (at least so far
:-)). With that I can figure out what to do on V3 records when I get time
(hopefully soon trouble willing :-)). As noted it may be "don't do much at
all as the direction is now right :-). As noted I think a v2 data stream being
processed by the 3.0 client is working fine now all I need to do is clean up
v3 data stream issues and I should be good to go for one last release of the
traffic scripts which I promised someone months ago :-). The source ID isn't
biting me but also doesn't seem to be correct and thats the only other issue
I know of.
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
More information about the argus