argus client commands, unexpected results?

Matt Sheridan mattmail5050 at gmail.com
Tue Nov 17 10:29:45 EST 2009


Excellent, that worked. Thank you. I saw that syntax of "-" in the man
pages, and tried a few variations, but apparently not the right one.

Is there any similarly simple reason that ratop does not return any results?
Could that be related to the type of session I am using (SSH over
SecureCRT)?

Both from local file and local server hang on carriage return:

[root@xxxxx 127.0.0.1]# ratop -S localhost:561
[root@xxxxx 127.0.0.1]# ratop -r ./argus.2009_11_17_1020.out

I appreciate your time.

Matt


On Tue, Nov 17, 2009 at 10:22 AM, <carter at qosient.com> wrote:

> Hey Matt,
> You have to put a '-' before the filter.
> In your last command, you are trying to read "host" and "10......." as
> input files. If you were to use the "-D" option, it would tell you.
>
>
> ra -r ./argus.2009_11_16_1640.out host 10.192.1.23
>
> Becomes
>
> ra -r ./argus.2009_11_16_1640.out - host 10.192.1.23
>
>
> Carter
>
> ------------------------------
> *From: * Matt Sheridan <mattmail5050 at gmail.com>
> *Date: *Mon, 16 Nov 2009 16:52:31 -0500
> *To: *<argus-info at lists.andrew.cmu.edu>
> *Subject: *[ARGUS] argus client commands, unexpected results?
>
> Two commands seem to be returning unexpected results. The tar I downloaded
> just a week ago was named argus-clients-3.0.0.tar. Installed on RHEL5 Intel
> 64bit.
>
> Running ratop just hangs (ratop -S localhost:561). No new prompt, just
> hangs on carriage return. I originally thought this was just a terminal
> issue. I am VT100 on a SecureCRT ssh session. But when I began to have
> other issues, I wondered if it was symptomatic of something else.
>
> Running ra against an argus server with parsing language returns results as
> expected, running it against an argus file does not - it simply returns all
> results. So:
>
> Using the local argus server on a listening port:
>
> [root@xxxxxx 127.0.0.1]# ra -S localhost:561 host 10.192.1.23
>    16:46:44.047054  M         tcp        10.192.1.23.33170     ->        x.x.x.x.https         4        240   FIN
>    16:46:44.096464  M         tcp        10.192.1.23.42979     ->        x.x.x.x.https         4        240   FIN
>    16:46:44.336521  M         tcp        10.192.1.23.15801     ->        x.x.x.x.https         4        240   FIN
>    16:46:44.524054  M        icmp    x.x.x.x          <->        10.192.1.23               2        196   ECO
>    16:46:44.777712  M         tcp        10.192.1.23.20676     ->        x.x.x.x.https        54      30136   CON
>
> using a local file, written by rastream:
>
> ra -r ./argus.2009_11_16_1640.out host 10.192.1.23
>
> just dumps out the entire .out file.
>
>
> Thanks for your help!
> Matt
>