Formatting Change with RA Output in Beta 5???

Carter Bullard carter at qosient.com
Mon Apr 13 17:26:58 EDT 2009 

Hey Guys,
I'll make the change so that that is the default behavior.
Thanks Dan!!!!!

Carter

On Apr 13, 2009, at 1:40 PM, Mark Bartlett wrote:

> The RA_FIELD_WIDTH=variable does fix the issue.. Thanks.
>
> On Mon, Apr 13, 2009 at 12:16 PM, Daniel V. Klein <dvk at lonewolf.com>  
> wrote:
>> If you add
>>        RA_FIELD_WIDTH=variable
>> to your .rarc, it'll work largely as before...
>>
>> -Dan
>>
>> On Apr 13, 2009, at 11:40 AM, Carter Bullard wrote:
>>
>>> Hmmmm,
>>> Its not suppose to do that, so I'll take a look and try to have a
>>> response by tonight.
>>>
>>> Everything else working out ok?
>>>
>>> Carter
>>>
>>> On Apr 13, 2009, at 11:32 AM, Mark Bartlett wrote:
>>>
>>>> Hey Carter,
>>>>
>>>> Was there any format change in the 'new' Beta Release??  (Release
>>>> argus-clients-3.0.2.beta.5)
>>>>
>>>> when I run this command using the 3.0.0 release I get the  
>>>> following:
>>>>
>>>> /opt/ARGUS/SCRIPTS/TOOLS/ra -F /opt/ARGUS/CONF/excel.rarc -r
>>>> /tmp/argus_04-13-2009_1438_argus_server.out.gz - tcp or udp or icmp
>>>>
>>>> 8881,2009
>>>> -04
>>>> -13,14
>>>>
>>>> : 
>>>> 10 
>>>> : 
>>>> 13,2009 
>>>> -04 
>>>> -13,14 
>>>> : 
>>>> 10 
>>>> : 
>>>> 13,0.047441,172.31.100.100,10.10.50.22,6,36106,5666,3857,1951,1906,16,9,7 
>>>> ,->,1,33431450,
>>>> e s
>>>>
>>>> If I run the 'same' command with 3.0.2 BETA 5 i get the following:
>>>>
>>>>           10544,2009-04-13,15:00:01,2009-04-13,15:00:02,  0.357279,
>>>>  192.168.50.139,    192.168.50.138,     6,32823,3366,      7851,
>>>>  3494,        4357,      47,      24,      23,   ->,     1,
>>>> 135, e
>>>>
>>>> As you can see, there are  more 'spaces' in the fields....
>>>>
>>>> here is my excel.rarc stuff:
>>>>
>>>> RA_FIELD_DELIMITER=','
>>>> RA_PRINT_NAMES=none
>>>> RA_FIELD_SPECIFIER="srcid stime ltime dur saddr daddr proto sport
>>>> dport bytes sbytes dbytes pkts spkts dpkts dir tra
>>>> ns seq flgs"
>>>> RA_TIME_FORMAT="%Y-%m-%d,%H:%M:%S"
>>>> RA_USEC_PRECISION=6
>>>> RA_FILTER="not man"
>>>>
>>>> Just wondering because with the 'extra' spaces it is now throwing  
>>>> off
>>>> some of the data in my DB, the saddr field is now missing the last
>>>> octet of the IP addy...  I am using CHAR(15) for my saddr and daddr
>>>> fields...
>>>>
>>>> `saddr` char(15) NOT NULL DEFAULT '',
>>>> `daddr` char(15) NOT NULL DEFAULT '',
>>>>
>>>> Thanks... Great STUFF!!!!
>>>>
>>>> mab
>>>>
>>>
>>>
>>
>>
>

Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York  10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax

More information about the argus mailing list