RA_FIELD_WIDTH issue in argus-clients-3.0.6
Mike Iglesias
iglesias at uci.edu
Mon Apr 16 19:23:00 EDT 2012
I have a ra config file that looks like this:
RA_TIME_FORMAT="%d %b %y %T"
RA_FIELD_WIDTH=fixed
RA_FIELD_SPECIFIER="stime,flgs,proto,saddr,sport,dir,daddr,dport,spkts,dpkts,sbytes,dbytes,state"
In argus-clients 3.0.6 (and in 3.0.5.37) the output produced by running
racluster with this ra config file looks like this:
15 Apr 12 2* N tcp xxx.xxx.131.135.5140 ->
xxx.xxx.59.174.46859 3 0 132 0 INT
The only other version of argus-clients I have on the system is 3.0.5.23, and
it does not have this problem.
If I comment out the RA_FIELD_WIDTH=fixed, the date/time in the output is
displayed correctly:
15 Apr 12 23:59:59 N tcp xxx.xxx.131.135.5140 -> xxx.xxx.59.174.46859
3 0 132 0 INT
Commenting out the RA_TIME_FORMAT fixes it, but I don't want the default time
format:
23:59:59.379756 N tcp xxx.xxx.131.135.5140 ->
xxx.xxx.59.174.46859 3 0 132 0 INT
Is this a bug or something that changed in the newer 3.0.5 releases and
propagated into 3.0.6?
--
Mike Iglesias Email: iglesias at uci.edu
University of California, Irvine phone: 949-824-6926
Office of Information Technology FAX: 949-824-2270
More information about the argus
mailing list