problem with ralabel and country code

jean-marc pouchoulon jeanmarc.pouchoulon at gmail.com
Sat Aug 29 16:45:09 EDT 2009


Hello,

I tried these commands from
http://osdir.com/ml/network.argus/2007-10/msg00002.html.

  ralabel -nnnR datadir -w - | racluster -m sco -w - | rasort -m bytes -s stime dur sco trans pkts bytes state

but the country code does not seem to be appended to the records, and I get
this one-line result:

      StartTime    Flgs  Proto sCo            SrcAddr  Sport   Dir dCo            DstAddr  Dport  TotPkts   TotBytes State
00:00:00.000000 Ne          ip  ZZ            0.0.0.0           -> ZZ            0.0.0.0         2574989 1070763217   INT

In debug mode I can see a "ref" to the country code:

ralabel[2986.4039d4b7]: 22:27:55.723204 ArgusPrintCountryCode (0xb7d00008, 0xb7c9e538, 0xb7c9e264, 1, 3, 0xbfcb23b8) returning
00:00:01.584000 Ne         tcp     wy-in-f147.google*.http      -> proxecoles...*.34912         8       6192   FIN
ralabel[2986.4039d4b7]: 22:27:55.723261 RaProcessRecord (0xb7c9e538) returning

Am I doing something wrong with these options in the ralabel.conf file?

RALABEL_GEOIP_ASN=yes
RALABEL_GEOIP_ASN_FILE="/usr/local/share/GeoIP/GeoIPASNum.dat"


Is there a way to select all argus records within a specific country?

Thanks again for your help.

argus-client version = 3.0.2 beta 12