argus-clients-3.0.5.15, rabins and 32 Debian

Carter Bullard carter at qosient.com
Thu Jun 23 13:14:48 EDT 2011 

Hey Wolfgang,
OK, so I fixed a bug that was in the parsing logic for the file byte offset specification.
The "-r" option allows you to specify the starting byte offset and ending byte offset
when reading the file.  The syntax from the manpage is:

          -r [- | <file[::soffset[:eoffset]] ...>]

We had discovered the ':' in the filename, and decided to do our trailing ":%d" test
for the ending bytes offset, but we weren't getting a good value, regardless that the
requisite "::" didn't exist.

This is now fixed in argus-clients-3.0.5.16, which I'll put up tomorrow.
Here is the patch:

==== //depot/argus/clients/common/argus_util.c#257 - /Users/carter/argus/clients/common/argus_util.c ====
1216,1218c1216
<                      } else
<                         if ((ptr = strstr(optarg, ":")) != NULL) 
<                            usage ();
---
>                      }

Carter


On Jun 23, 2011, at 12:11 PM, Carter Bullard wrote:

> Hey Wolfgang,
> Yes I get the same behavior, so I'll check it out.
> Carter
> 
> 
> On Jun 23, 2011, at 3:09 AM, Wolfgang Barth wrote:
> 
>> Hey Carter,
>> 
>>> Hmmmm, not sure what that means.  my rabins() uses the same options you have below.
>>> thoth:tmp carter$ rabins -M rmon hard zero time 1m -m smac -r test.out -s stime spkts dpkts sbytes dbytes state
>> 
>> I found the problem: rename your log to something like
>> argus-2011-06-21-00:00:00.log and try it again.
>> 
>> My result:
>> 
>> rabins-3.0.5.15-i386 -M time 1m -r argus-2011-06-21-00:00:00.log
>> 
>> Rabins Version 3.0.5.15
>> usage: rabins-3.0.5.15-i386 -M splitmode [splitmode options] [raoptions]
>> options: -M <mode>         supported modes of operation:
>> ....
>> 
>> Then renaming the argus logfile to argus.log:
>> 
>> rabins-3.0.5.15-i386 -M time 1m -r /tmp/argus.log
>> 
>> Same logfile, shorter name, works perfect. Seems to be a bug in filename
>> parsing with ":". Replacing ":" to "_" works.
>> 
>> Wolfgang
>> PS: the file name bug only occurs in rabins, not in ra
>> -- 
>> <wob (at) swobspace de> * http://www.swobspace.de
>> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4367 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20110623/228cb1cf/attachment.bin>

More information about the argus mailing list