Can no more set the srcid
Claudio Luck
cluck at ethz.ch
Sun Jul 18 08:41:36 EDT 2010
Hello
Setting the srcid (the "-e" option) no longer works for me in argus
3.0.3.15 (and 3.0.3.12).
This command line used to produce the expected output until 3.0.2:
# /usr/local/sbin/argus -d -P0 -M90 -mpRAJ -i eth1 -e 172.17.15.2 -S 60 -w /var/log/sensor-172.17.15.2.argus.log
Looking at the logfile while switching versions from 3.0.2 to
3.0.3.15 illustrates the problem:
# racluster -nr /var/log/sensor-172.17.15.2.argus.log -m srcid -s +srcid
13:39:01.911873 *U F ip 0.0.0.0 <-> 0.0.0.0 2217178 1712939753 CON 172.17.15.2
13:43:52.272594 *U F ip 0.0.0.0 <-> 0.0.0.0 404756 314137927 CON 0.0.0.0
This normally has only one line, the first. When going back to 3.0.2 all
is back to normal.
Running on Debian GNU/Linux 5.0.4 (lenny), Intel x86 32bit Platform.
--
Gruss
Claudio Luck