Can no more set the srcid

Carter Bullard carter at qosient.com
Mon Jul 19 13:17:04 EDT 2010


Hey Claudio,
Found the problem, and here is a patch that should correct the existing argus-3.0.3.15.

thoth:argus carter$ p4 diff argus/ArgusSource.c
==== //depot/argus/argus/argus/ArgusSource.c#64 - /home/carter/argus/argus/argus/ArgusSource.c ====
3031,3032c3031,3037
<             src->ArgusID = device->ArgusID;
<             src->type    = device->idtype;
---
>             if (device->ArgusID.a_un.value != 0) {
>                src->ArgusID = device->ArgusID;
>             } else {
>                device->ArgusID = stask->ArgusID;
>                src->ArgusID    = stask->ArgusID;
>             }
>             src->type    = device->type;

I should have new code up in the next day or so.  If you have further problems, send email !!!!!
Thanks!!!

Carter

On Jul 18, 2010, at 8:41 AM, Claudio Luck wrote:

> Hello
> 
> Setting the srcid (the "-e" option) no more works for me in argus
> 3.0.3.15 (and 3.0.3.12).
> 
> This command line used to produce the expected output until 3.0.2:
> 
> # /usr/local/sbin/argus -d -P0 -M90 -mpRAJ -i eth1 -e 172.17.15.2 -S 60 -w /var/log/sensor-172.17.15.2.argus.log
> 
> 
> When looking at the logfile while switching versions from 3.0.2 to
> 3.0.3.15 illustrates the problem:
> 
> # racluster -nr /var/log/sensor-172.17.15.2.argus.log -m srcid -s +srcid
>   13:39:01.911873  *U   F     ip            0.0.0.0          <->            0.0.0.0         2217178 1712939753   CON        172.17.15.2
>   13:43:52.272594  *U   F     ip            0.0.0.0          <->            0.0.0.0          404756  314137927   CON            0.0.0.0
> 
> This normally has only one line, the first. When going back to 3.0.2 all
> is back to normal.
> 
> Running on Debian GNU/Linux 5.0.4 (lenny), Intel x86 32bit Platform.
> 
> 
> -- 
> Gruss
> Claudio Luck
> 
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20100719/d6c997ca/attachment.bin>


More information about the argus mailing list