Formatting Change with RA Output in Beta 5???

Carter Bullard carter at qosient.com
Mon Apr 13 11:40:05 EDT 2009


Hmmmm,
It's not supposed to do that, so I'll take a look and try to have a
response by tonight.

Everything else working out ok?

Carter

On Apr 13, 2009, at 11:32 AM, Mark Bartlett wrote:

> Hey Carter,
>
> Was there any format change in the 'new' Beta Release??  (Release
> argus-clients-3.0.2.beta.5)
>
> when I run this command using the 3.0.0 release I get the following:
>
> /opt/ARGUS/SCRIPTS/TOOLS/ra -F /opt/ARGUS/CONF/excel.rarc -r
> /tmp/argus_04-13-2009_1438_argus_server.out.gz - tcp or udp or icmp
>
> 8881,2009-04-13,14:10:13,2009-04-13,14:10:13,0.047441,172.31.100.100,10.10.50.22,6,36106,5666,3857,1951,1906,16,9,7,->,1,33431450,e s
>
> If I run the 'same' command with 3.0.2 BETA 5 I get the following:
>
>             10544,2009-04-13,15:00:01,2009-04-13,15:00:02,  0.357279,
>   192.168.50.139,    192.168.50.138,     6,32823,3366,      7851,
>   3494,        4357,      47,      24,      23,   ->,     1,
> 135, e
>
> As you can see, there are more 'spaces' in the fields....
>
> here is my excel.rarc stuff:
>
> RA_FIELD_DELIMITER=','
> RA_PRINT_NAMES=none
> RA_FIELD_SPECIFIER="srcid stime ltime dur saddr daddr proto sport dport bytes sbytes dbytes pkts spkts dpkts dir trans seq flgs"
> RA_TIME_FORMAT="%Y-%m-%d,%H:%M:%S"
> RA_USEC_PRECISION=6
> RA_FILTER="not man"
>
> Just wondering because with the 'extra' spaces it is now throwing off
> some of the data in my DB, the saddr field is now missing the last
> octet of the IP addy...  I am using CHAR(15) for my saddr and daddr
> fields...
>
> `saddr` char(15) NOT NULL DEFAULT '',
>  `daddr` char(15) NOT NULL DEFAULT '',
>
> Thanks... Great STUFF!!!!
>
> mab
>
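An added example, not part of the original messages or of the Argus code: a loader-side check that strips the field padding shown in the beta 5 output and validates saddr/daddr before a record reaches the CHAR(15) columns. The sample line is the beta 5 record from the message re-joined onto one line; the function names and the sdate/ldate column names are assumptions made for this sketch.

```python
import ipaddress

# Column names follow the excel.rarc field list. stime and ltime each occupy
# two columns because RA_TIME_FORMAT itself contains the ',' delimiter; the
# names sdate/ldate are assumptions made for this example.
COLUMNS = ["srcid", "sdate", "stime", "ldate", "ltime", "dur", "saddr", "daddr",
           "proto", "sport", "dport", "bytes", "sbytes", "dbytes", "pkts",
           "spkts", "dpkts", "dir", "trans", "seq", "flgs"]
ADDR_WIDTH = 15  # width of the CHAR(15) saddr/daddr columns in the message

# Constructed sample: the beta 5 record from the message, re-joined on one line.
SAMPLE = ("            10544,2009-04-13,15:00:01,2009-04-13,15:00:02,  0.357279,"
          "  192.168.50.139,    192.168.50.138,     6,32823,3366,      7851,"
          "  3494,        4357,      47,      24,      23,   ->,     1, 135, e")


def naive_char15(line):
    """Model storing the padded saddr field as-is in a 15-character column."""
    raw = line.split(",")[COLUMNS.index("saddr")]
    return raw[:ADDR_WIDTH].strip()


def normalize_record(line):
    """Split one ra CSV line, strip padding, and validate before any insert."""
    fields = [f.strip() for f in line.rstrip("\n").split(",")]
    if len(fields) != len(COLUMNS):
        raise ValueError(f"expected {len(COLUMNS)} columns, got {len(fields)}")
    rec = dict(zip(COLUMNS, fields))
    for key in ("saddr", "daddr"):
        # IPv4Address raises a ValueError subclass on a damaged address.
        rec[key] = str(ipaddress.IPv4Address(rec[key]))
    return rec


if __name__ == "__main__":
    print("naive :", naive_char15(SAMPLE))               # truncated address
    print("clean :", normalize_record(SAMPLE)["saddr"])  # full address
```

The truncated value is still a well-formed IPv4 address, so the damage is silent: flow records end up attributed to a different host unless the loader normalizes fields before the insert.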



