argus client commands, unexpected results?

carter at qosient.com carter at qosient.com
Tue Nov 17 10:22:35 EST 2009


Hey Matt,
You have to put a '-' before the filter.
In your last command, you are trying to read "host" and "10......." as input files.  If you were to use the "-D" option, it would tell you.

ra -r ./argus.2009_11_16_1640.out host 10.192.1.23

Becomes 

ra -r ./argus.2009_11_16_1640.out - host 10.192.1.23


Carter 
Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: Matt Sheridan <mattmail5050 at gmail.com>
Date: Mon, 16 Nov 2009 16:52:31 
To: <argus-info at lists.andrew.cmu.edu>
Subject: [ARGUS] argus client commands, unexpected results?

Two commands seem to be returning unexpected results. The tar I downloaded
just a week ago was named argus-clients-3.0.0.tar. Installed on RHEL5 Intel
64bit.

Running ratop just hangs (ratop -S localhost:561). No new prompt, just hangs
on carriage return. I originally thought this was just a terminal issue. I
am VT100 on a SecureCRT ssh session. But when I began to have other issues,
I wondered if it was symptomatic of something else.

Running ra against an argus server with parsing language returns results as
expected, running it against an argus file does not - it simply returns all
results. So:

Using the local argus server on a listening port:

[root at xxxxxx 127.0.0.1]# ra -S localhost:561 host 10.192.1.23
   16:46:44.047054  M         tcp        10.192.1.23.33170     -> x.x.x.x.https         4        240   FIN
   16:46:44.096464  M         tcp        10.192.1.23.42979     -> x.x.x.x.https         4        240   FIN
   16:46:44.336521  M         tcp        10.192.1.23.15801     -> x.x.x.x.https         4        240   FIN
   16:46:44.524054  M        icmp    x.x.x.x          <-> 10.192.1.23               2        196   ECO
   16:46:44.777712  M         tcp        10.192.1.23.20676     -> x.x.x.x.https        54      30136   CON

using a local file, written by rastream:

ra -r ./argus.2009_11_16_1640.out host 10.192.1.23

just dumps out the entire .out file.


Thanks for your help!
Matt
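
The pitfall described in the reply above, as an added example that is not part of the original thread: a shell function that flags words following -r that are not existing files, which is the symptom of a missing '-' before the filter. It assumes, as the reply states, that ra takes every word after -r as an input file until a lone '-' or another option appears; the name ra_lint and the temporary file are hypothetical.

```shell
#!/bin/sh
# Added example: lint an ra command line for a missing "-" filter separator.
# Assumption (from the thread): words after -r are read as input files
# until a lone "-" or another option is seen.
# Prints one line per suspicious word; returns 1 if any were found.
ra_lint() {
    ral_in_files=0
    ral_bad=0
    for ral_arg in "$@"; do
        case "$ral_arg" in
            -r) ral_in_files=1 ;;          # start of the input file list
            -)  break ;;                   # everything after this is the filter
            -*) ral_in_files=0 ;;          # another option ends the file list
            *)
                if [ "$ral_in_files" -eq 1 ] && [ ! -e "$ral_arg" ]; then
                    echo "not a file after -r: $ral_arg (missing '-' before the filter?)"
                    ral_bad=1
                fi ;;
        esac
    done
    return "$ral_bad"
}

# Constructed demonstration: an empty stand-in for the rastream output file.
ral_dir=$(mktemp -d)
ral_file="$ral_dir/argus.2009_11_16_1640.out"
: > "$ral_file"

echo "without separator:"
ra_lint ra -r "$ral_file" host 10.192.1.23 || true

echo "with separator:"
ra_lint ra -r "$ral_file" - host 10.192.1.23 && echo "ok"

rm -rf "$ral_dir"
```
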
