argus-clients-3.0.3.21
carter at qosient.com
Thu Dec 23 08:02:28 EST 2010
Hey Wolfgang,
Run these with the '-D 6' option, before the -t option, so we can see how your option is being parsed.
You should get a unix time from the debug output, and you can use a 'date -r' to see how we parsed it.
Carter
------Original Message------
From: Wolfgang Barth
To: Carter Bullard
Cc: Argus
ReplyTo: wob at swobspace.de
Subject: Re: [ARGUS] argus-clients-3.0.3.21
Sent: Dec 23, 2010 11:32 AM
Hi Carter,
> argus clients 3.0.3.21 is available for testing. It fixes a number of problems on the mailing list,
> especially a serious timestamp problem, as well as fixes for IPv6 CIDR address filters,
Sorry, the timestamp problem with rabins is not yet fixed. My logfile
contains data from 2010-12-23 10:05 until 2010-12-23 11:26.
1) rabins -M time 1m -r test.log.gz - tcp dst port 80
works.
2) rabins -M time 1m -r test.log.gz -t 2010/12/23 - tcp dst port 80
no data, no error
3) rabins -M time 1m -r test.log.gz -t 10-11 - tcp dst port 80
rabins[6422]: 2010-12-23 11:28:29 ArgusCalloc: malloc error Cannot allocate memory
3) rabins -M time 1m -r test.log.gz -t 10:05-11:00 - tcp dst port 80
rabins[6531]: 2010-12-23 11:29:21 ArgusCalloc: malloc error Cannot allocate memory
This range definitively contains data.
4) rabins -M time 1m -r test.log.gz -t 10:10-10:40 - tcp dst port 80
works.
Wolfgang
--
<wob (at) swobspace de> * http://www.swobspace.de
Sent from my Verizon Wireless BlackBerry