problem with ralabel and country code
jean-marc pouchoulon
jeanmarc.pouchoulon at gmail.com
Sat Aug 29 17:07:30 EDT 2009
hey Carter,
I'm using the -f option:
ralabel -nnn -f /usr/local/argus/ralabel.conf -r /var/argus/2009/08/28/argus_00\:00\:00 -w - | racluster -m sco
StartTime Flgs Proto sCo SrcAddr Sport Dir dCo DstAddr Dport TotPkts TotBytes State
00:00:00.000000 Ne ip ZZ 0.0.0.0 -> ZZ 0.0.0.0 2574989 1070763217 INT
jean-marc
2009/8/29 Carter Bullard <carter at qosient.com>
> Hey Jean-Marc,
> So you need to use the "-f /path/to/your/ralabel.conf".
> Without this, ralabel() doesn't
> know to add a country code?
> Carter
>
> On Aug 29, 2009, at 4:45 PM, jean-marc pouchoulon wrote:
>
> Hello,
>
> I tried these commands from
> http://osdir.com/ml/network.argus/2007-10/msg00002.html.
>
> ralabel -nnnR datadir -w - | racluster -m sco -w - | rasort -m bytes -s stime dur sco trans pkts bytes state
>
> but the country code does not seem to be appended to the records, and I get
> this one-line result:
>
> StartTime Flgs Proto sCo SrcAddr Sport Dir dCo DstAddr Dport TotPkts TotBytes State
> 00:00:00.000000 Ne ip ZZ 0.0.0.0 -> ZZ 0.0.0.0 2574989 1070763217 INT
>
> In debug mode I can see a "ref" to the country code:
>
> ralabel[2986.4039d4b7]: 22:27:55.723204 ArgusPrintCountryCode (0xb7d00008,
> 0xb7c9e538, 0xb7c9e264, 1, 3, 0xbfcb23b8) returning
> 00:00:01.584000 Ne tcp wy-in-f147.google*.http ->
> proxecoles...*.34912 8 6192 FIN
> ralabel[2986.4039d4b7]: 22:27:55.723261 RaProcessRecord (0xb7c9e538)
> returning
>
> Am I doing something wrong with these options in the ralabel.conf file?
>
> RALABEL_GEOIP_ASN=yes
> RALABEL_GEOIP_ASN_FILE="/usr/local/share/GeoIP/GeoIPASNum.dat"
>
>
> Is there a way to select all argus records within a specific country?
>
> thanks again for your help
>
> argus-client version = 3.0.2 beta 12
>
>
>