TotBytes field width

Carter Bullard carter at qosient.com
Mon May 16 11:25:26 EDT 2011 

Hey Keir,
I uploaded argus-clients-3.0.5.10, which fixes all the field overflows, so that they
end up with an '*' if the value has been truncated by the field width specification.

   http://qosient.com/argus/dev/argus-clients-latest.tar.gz

Take a look, if you have time, to see if that addresses your issue.

I failed to mention, that if you don't care to have the "pretty printing" style, you can
specify a field specifier, using the "-c 'char' " option) or you can specify RA_FIELD_WIDTH="variable",
in your .rarc file.  This will prevent any truncation. Doesn't look so good on printing, though.
Lot of choices.

Hope all is most excellent,

Carter


On May 11, 2011, at 7:11 PM, Carter Bullard wrote:

> Hey Keir,
> Yes, that is the intended behavior, but it should have a '*' when the field is truncated.  At least that is the design. I'll look to see what is up. If a fix is needed it will go into argus-clients-3.0.5.10.  We keep the soon to be released clients in:
>   http://qosient.com/argus/dev
> 
> They are quasi-stable.
> 
> Carter
> 
> 
> 
> On May 11, 2011, at 2:02 PM, Keir Novik <novik at sfu.ca> wrote:
> 
>> Using Argus 3.0.4, I'm seeing the value in the TotBytes field truncated unless I explicitly specify the field width:
>> 
>> % ra -r file -s saddr bytes
>>          SrcAddr   TotBytes 
>>        100.0.1.1 3724219621
>>          1.0.2.1    6965914
>>        1.0.3.255      26475
>>        197.0.1.1      16694
>>          1.0.4.1       8448
>>          1.0.5.1       4976
>>          1.0.6.1        124
>> % ra -r file -s saddr bytes:12
>>          SrcAddr     TotBytes 
>>        100.0.1.1  37242196212
>>          1.0.2.1      6965914
>>        1.0.3.255        26475
>>        197.0.1.1        16694
>>          1.0.4.1         8448
>>          1.0.5.1         4976
>>          1.0.6.1          124
>> 
>> Is this working as designed?
>> 
>> Regards,
>> Keir
>> 
>> --
>> Dr. Keir Novik / Network Security Analyst, Simon Fraser University
>> 
>> 
>> 
>> 
>> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4367 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20110516/5bd6a401/attachment.bin>

More information about the argus mailing list