Formatting Change with RA Output in Beta 5???
Mark Bartlett
mabartle at gmail.com
Mon Apr 13 11:32:22 EDT 2009
Hey Carter,
Was there any format change in the 'new' Beta Release?? (Release
argus-clients-3.0.2.beta.5)
when I run this command using the 3.0.0 release I get the following:
/opt/ARGUS/SCRIPTS/TOOLS/ra -F /opt/ARGUS/CONF/excel.rarc -r
/tmp/argus_04-13-2009_1438_argus_server.out.gz - tcp or udp or icmp
8881,2009-04-13,14:10:13,2009-04-13,14:10:13,0.047441,172.31.100.100,10.10.50.22,6,36106,5666,3857,1951,1906,16,9,7,->,1,33431450,
e s
If I run the 'same' command with 3.0.2 BETA 5 i get the following:
10544,2009-04-13,15:00:01,2009-04-13,15:00:02, 0.357279,
192.168.50.139, 192.168.50.138, 6,32823,3366, 7851,
3494, 4357, 47, 24, 23, ->, 1,
135, e
As you can see, there are more 'spaces' in the fields....
here is my excel.rarc stuff:
RA_FIELD_DELIMITER=','
RA_PRINT_NAMES=none
RA_FIELD_SPECIFIER="srcid stime ltime dur saddr daddr proto sport
dport bytes sbytes dbytes pkts spkts dpkts dir tra
ns seq flgs"
RA_TIME_FORMAT="%Y-%m-%d,%H:%M:%S"
RA_USEC_PRECISION=6
RA_FILTER="not man"
Just wondering because with the 'extra' spaces it is now throwing off
some of the data in my DB, the saddr field is now missing the last
octet of the IP addy... I am using CHAR(15) for my saddr and daddr
fields...
`saddr` char(15) NOT NULL DEFAULT '',
`daddr` char(15) NOT NULL DEFAULT '',
Thanks... Great STUFF!!!!
mab
More information about the argus
mailing list