ralabel
Carter Bullard
carter at qosient.com
Fri Jun 1 10:32:03 EDT 2012
Hey CS Lee,
So, I just tested the 3.0.6.1 patch, and it does seem to break the AS labeling,
so back up to argus-clients-3.0.6 until I can figure out what I did.
Carter
On Jun 1, 2012, at 2:02 AM, CS Lee wrote:
> hi Carter,
>
> Has you updated ralabel, it doesn't seem to work on version 3.0.6.1, when I run
>
> /usr/local/stow/argusc-3.0.6.1/bin/ralabel -f /nsmon/etc/ralabel.conf -S 10.10.10.1:561 -w - | ra -n -s stime proto saddr sport dir daddr dport state sco dco sas das
> 12:28:55.523218 udp 1.2.3.4.64507 <-> 15.15.15.15.53 CON
> 12:28:55.597702 udp 1.2.3.4.32771 <- 2.3.4.5.53 RSP
> 12:28:55.647515 udp 1.2.3.4.60581 <-> 15.15.15.15.53 CON
>
> You can see nothing shows up, if I use 3.0.5.34, it seems to be working. My ralabel.conf has these few lines enabled
>
> RALABEL_ARIN_COUNTRY_CODES=yes
> RA_DELEGATED_IP="/nsmon/file/delegated-ipv4-latest"
> RALABEL_GEOIP_ASN=yes
> RALABEL_GEOIP_ASN_FILE="/nsmon/file/GeoIPASNum.dat"
>
> Cheers!
>
> --
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>
>
> http://geek00l.blogspot.com
> http://defcraft.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20120601/2e507dba/attachment.html>
More information about the argus
mailing list