Can no more set the srcid
Carter Bullard
carter at qosient.com
Mon Jul 19 11:37:19 EDT 2010
Hey Claudio,
Yes, I'll fix that today, sorry for any inconvenience.
Carter
On Jul 18, 2010, at 8:41 AM, Claudio Luck wrote:
> Hello
>
> Setting the srcid (the "-e" option) no more works for me in argus
> 3.0.3.15 (and 3.0.3.12).
>
> This command line used to produce the expected output until 3.0.2:
>
> # /usr/local/sbin/argus -d -P0 -M90 -mpRAJ -i eth1 -e 172.17.15.2 -S 60 -w /var/log/sensor-172.17.15.2.argus.log
>
>
> When looking at the logfile while switching versions from 3.0.2 to
> 3.0.3.15 illustrates the problem:
>
> # racluster -nr /var/log/sensor-172.17.15.2.argus.log -m srcid -s +srcid
> 13:39:01.911873 *U F ip 0.0.0.0 <-> 0.0.0.0 2217178 1712939753 CON 172.17.15.2
> 13:43:52.272594 *U F ip 0.0.0.0 <-> 0.0.0.0 404756 314137927 CON 0.0.0.0
>
> This normally has only one line, the first. When going back to 3.0.2 all
> is back to normal.
>
> Running on Debian GNU/Linux 5.0.4 (lenny), Intel x86 32bit Platform.
>
>
> --
> Gruss
> Claudio Luck
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20100719/cff90d97/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20100719/cff90d97/attachment.bin>
More information about the argus
mailing list