raconvert

Carter Bullard carter at qosient.com
Thu Jul 29 11:15:36 EDT 2010 

Hey CS Lee,
Yes, the user buffers do need some work.  So how do other systems, like csv,
deal with delimiters in the output?  Is there a universal escape strategy?

Good to see you around.
Carter

On Jul 28, 2010, at 11:23 AM, CS Lee wrote:

> hi Carter,
> 
> How's life, think I'm back and will blog more about argus and flow stuffs!
> 
> Regarding raconvert, the tricky part I see would be converting user data field that is printed because I used to have the problem when using , or other character as delimeter and end up need to do additional parsing to get user data extracted properly in the ascii flow records.
> 
> Gentle people,
> There is a new program in the clients distribution, raconvert(), with manpage.
> 
> This program is designed to convert ASCII based argus files to binary argus
> data records.   The ASCII must have a single character delimiter, such as a ',',
> but you can specify the delimiter, using the "-c char" option.
> 
>   ra -r argus.file -c ,  > /tmp/ra.txt
>   raconvert -r /tmp/ra.txt -w - | ra
> 
> raconvert() is not complete.  Currently, I'm handling maybe 50 out of the 180
> something fields that we can printout, but its time to put it out there, so if you
> try to use it, and some fields don't get converted, send me a sample ascii file,
> and I'll add the support that your field.
> 
> The records that we generate may not be complete.  It depends on how much
> information you provide in the ascii records.  For instance if you only have
> the "StartTime" field, without the "LastTime" field, the resulting binary argus
> record will have a duration of 0, so you want to ensure that you have enough
> information in the ascii output to convey all that you want.
> 
> Also, the name suggests that it should be able to do conversion, which may
> imply that it converts more than just one thing to another, so, ......,
> if you have any ideas as to what you would like to convert, just holler, and
> I'll see what I can do.
> 
> I will try to add XML conversion before the summer is done.
> 
> So why this program?  The primary reason is to support moving argus data
> around in environments that don't like binary data.  You convert the records
> to ASCII, printing as many fields as practical, move the file to the next location,
> and then convert them back to binary records so you can do work with them.
> Some high security places need this type of support.  But you could also use
> it as a means to create an argus data editor, if you wanted.
> 
> Hope you find this useful,
> 
> Carter
> 
> -- 
> Best Regards,
> 
> CS Lee<geek00L[at]gmail.com>
> 
> http://geek00l.blogspot.com
> http://defcraft.net





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20100729/dbeee6e0/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20100729/dbeee6e0/attachment.bin>

More information about the argus mailing list