TotBytes field width
Carter Bullard
carter at qosient.com
Wed May 11 19:11:28 EDT 2011
Hey Keir,
Yes, that is the intended behavior, but it should have a '*' when the field is truncated. At least that is the design. I'll look to see what is up. If a fix is needed it will go into argus-clients-3.0.5.10. We keep the soon to be released clients in:
http://qosient.com/argus/dev
They are quasi-stable.
Carter
On May 11, 2011, at 2:02 PM, Keir Novik <novik at sfu.ca> wrote:
> Using Argus 3.0.4, I'm seeing the value in the TotBytes field truncated unless I explicitly specify the field width:
>
> % ra -r file -s saddr bytes
> SrcAddr TotBytes
> 100.0.1.1 3724219621
> 1.0.2.1 6965914
> 1.0.3.255 26475
> 197.0.1.1 16694
> 1.0.4.1 8448
> 1.0.5.1 4976
> 1.0.6.1 124
> % ra -r file -s saddr bytes:12
> SrcAddr TotBytes
> 100.0.1.1 37242196212
> 1.0.2.1 6965914
> 1.0.3.255 26475
> 197.0.1.1 16694
> 1.0.4.1 8448
> 1.0.5.1 4976
> 1.0.6.1 124
>
> Is this working as designed?
>
> Regards,
> Keir
>
> --
> Dr. Keir Novik / Network Security Analyst, Simon Fraser University
>
>
>
>
>
More information about the argus
mailing list