-e option - Argus Version 3.0.4
Carter Bullard
carter at qosient.com
Mon Apr 2 15:02:38 EDT 2012
Hey Mark,
The ability to use something other than an IP address is in argus-3.0.5.x, soon to be argus-3.0.6.
I would suggest that you try argus-3.0.5.11, http://qosient.com/argus/dev/argus-latest.tar.gz.
It should be able to do what you're looking for.
Carter
On Apr 2, 2012, at 2:59 PM, Mark Bartlett wrote:
> Hello all,
>
> I am having issues with the '-e' option in ARGUS.
>
> I run the following command:
>
> argus -e 200 -w /tmp/testfile
>
> and I get this in the ra output:
> 0.0.0.100,2012-04-02,14:52:15,2012-04-02,14:52:15,0.000000,192.168.198.137,192.168.198.1,6,22,53215,212,106,106,2,1,1,<?>,1,11,
> e
>
> As you can see the Argus Identifier is coming out as an IP address:
> 0.0.0.100 not 100 which I would like. I think something changed from
> the older versions.
>
> In my python script I run the following command and pass some
> variables to the command:
> arguscommand = "/usr/local/sbin/argus -e "+capID+" -F "+SCRIPTS+"/argus.conf -r "+cleancapturefile+" -w "+argusoutfile+" - ip"
>
> Prior to updating to the 3.0.4 version the command above would save
> the identifier to the record.
>
> Anyone else seeing a change in the format?? Or am I doing something wrong?
>
> mab
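
An added example, not part of the original thread: one way for a wrapper script like the one quoted above to pass the identifier to argus as an argument list rather than a concatenated string, and to map a source id that ra prints as a dotted quad back to the number that was given. It assumes the source id is the first comma-separated field, as in the output shown, and that a numeric id fits in 32 bits; the function names and sample file paths are hypothetical.

```python
import ipaddress

ARGUS = "/usr/local/sbin/argus"  # path taken from the quoted script

def build_argus_argv(cap_id, conf, infile, outfile):
    """Build the argus command as an argv list, so no variable is shell-parsed."""
    cap = int(cap_id)  # raises ValueError for anything that is not a number
    if not 0 <= cap <= 0xFFFFFFFF:  # assumption: numeric ids are 32-bit
        raise ValueError("source id must fit in 32 bits")
    # Same options as the quoted command, including the trailing "- ip" filter.
    return [ARGUS, "-e", str(cap), "-F", conf,
            "-r", infile, "-w", outfile, "-", "ip"]

def srcid_to_int(srcid):
    """Accept a source id printed as '0.0.0.100' or as '100'; return an int."""
    srcid = srcid.strip()
    if srcid.isdigit():
        return int(srcid)
    return int(ipaddress.IPv4Address(srcid))  # raises on malformed input

def normalize_record(line, sep=","):
    """Rewrite the first field of one ra output line to the numeric source id."""
    fields = line.rstrip("\n").split(sep)
    fields[0] = str(srcid_to_int(fields[0]))
    return sep.join(fields)

# Start of the ra output line quoted in the post (truncated here for brevity).
SAMPLE = "0.0.0.100,2012-04-02,14:52:15,2012-04-02,14:52:15,0.000000,192.168.198.137"

if __name__ == "__main__":
    # File names below are constructed placeholders.
    print(build_argus_argv("200", "argus.conf", "in.pcap", "out.argus"))
    print(normalize_record(SAMPLE))
```

The argv list can be handed to `subprocess.run` without `shell=True`, so a capture id that is not a plain number is rejected before argus is started.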