raconvert
CS Lee
geek00l at gmail.com
Wed Jul 28 11:23:29 EDT 2010
hi Carter,
How's life, think I'm back and will blog more about argus and flow stuffs!
Regarding raconvert, the tricky part I see would be converting user data
field that is printed because I used to have the problem when using , or
other character as delimeter and end up need to do additional parsing to get
user data extracted properly in the ascii flow records.
Gentle people,
There is a new program in the clients distribution, raconvert(), with
manpage.
This program is designed to convert ASCII based argus files to binary argus
data records. The ASCII must have a single character delimiter, such as a
',',
but you can specify the delimiter, using the "-c char" option.
ra -r argus.file -c , > /tmp/ra.txt
raconvert -r /tmp/ra.txt -w - | ra
raconvert() is not complete. Currently, I'm handling maybe 50 out of the
180
something fields that we can printout, but its time to put it out there, so
if you
try to use it, and some fields don't get converted, send me a sample ascii
file,
and I'll add the support that your field.
The records that we generate may not be complete. It depends on how much
information you provide in the ascii records. For instance if you only have
the "StartTime" field, without the "LastTime" field, the resulting binary
argus
record will have a duration of 0, so you want to ensure that you have enough
information in the ascii output to convey all that you want.
Also, the name suggests that it should be able to do conversion, which may
imply that it converts more than just one thing to another, so, ......,
if you have any ideas as to what you would like to convert, just holler, and
I'll see what I can do.
I will try to add XML conversion before the summer is done.
So why this program? The primary reason is to support moving argus data
around in environments that don't like binary data. You convert the records
to ASCII, printing as many fields as practical, move the file to the next
location,
and then convert them back to binary records so you can do work with them.
Some high security places need this type of support. But you could also use
it as a means to create an argus data editor, if you wanted.
Hope you find this useful,
Carter
--
Best Regards,
CS Lee<geek00L[at]gmail.com>
http://geek00l.blogspot.com
http://defcraft.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20100728/8c7a0243/attachment.html>
More information about the argus
mailing list