RA_FIELD_WIDTH issue in argus-clients-3.0.6

Carter Bullard carter at qosient.com
Mon Apr 16 19:41:19 EDT 2012 

Hey Mike,
The ' * ' is indicating that your data string is larger than the default size for the field.
" fixed " means that you will cut off the field to the size specified in the RA_FIELD_SPECIFIER,
or the default length.

You need to provide a field width number on the "stime" field in your RA_FIELD_SPECIFIER
to get the whole thing printed out.

Try something like this:

   RA_FIELD_SPECIFIER="stime:18,flgs,proto,saddr,sport,dir,daddr,dport,spkts,dpkts,sbytes,dbytes,state"

If that doesn't do it, send some email soon.
Carter



On Apr 16, 2012, at 7:23 PM, Mike Iglesias wrote:

> I have a ra config file that looks like this:
> 
> RA_TIME_FORMAT="%d %b %y %T"
> RA_FIELD_WIDTH=fixed
> RA_FIELD_SPECIFIER="stime,flgs,proto,saddr,sport,dir,daddr,dport,spkts,dpkts,sbytes,dbytes,state"
> 
> In argus-clients 3.0.6 (and in 3.0.5.37) the output produced by running
> racluster with this ra config file looks like this:
> 
> 15 Apr 12 2* N            tcp    xxx.xxx.131.135.5140      ->
> xxx.xxx.59.174.46859         3        0          132            0   INT
> 
> The only other version of argus-clients I have on the system is 3.0.5.23, and
> it does not have this problem.
> 
> If I comment out the RA_FIELD_WIDTH=fixed, the date/time in the output is
> displayed correctly:
> 
> 15 Apr 12 23:59:59 N         tcp xxx.xxx.131.135.5140  -> xxx.xxx.59.174.46859
> 3 0 132 0 INT
> 
> Commenting out the RA_TIME_FORMAT fixes it, but I don't want the default time
> format:
> 
>   23:59:59.379756 N            tcp    xxx.xxx.131.135.5140      ->
> xxx.xxx.59.174.46859         3        0          132            0   INT
> 
> Is this a bug or something that changed in the newer 3.0.5 releases and
> propagated into 3.0.6?
> 
> 
> -- 
> Mike Iglesias                          Email:       iglesias at uci.edu
> University of California, Irvine       phone:       949-824-6926
> Office of Information Technology       FAX:         949-824-2270

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20120416/706d3760/attachment.html>

More information about the argus mailing list