ralabel

CS Lee geek00l at gmail.com
Fri Jun 1 10:48:19 EDT 2012


hi Carter,

I made the test. As I have multiple versions of argus on my box for testing,
I forgot to specify the path for the argus client version I want, so
basically the data inserted into the database for saddr and daddr is correct in
3.0.6.1; the issue is the ralabel part in argus 3.0.6.1.

Another issue I'm now looking at is actually bumping suser and duser into the
db. I see some errors when trying to insert suser and duser data into
mysql; however, I will report once I have confirmed it.

Thanks for the quick response, cheers ;)


On Fri, Jun 1, 2012 at 10:32 PM, Carter Bullard <carter at qosient.com> wrote:

> Hey CS Lee,
> So, I just tested the 3.0.6.1 patch, and it does seem to break the AS
> labeling,
> so back up to argus-clients-3.0.6 until I can figure out what I did.
>
> Carter
>
> On Jun 1, 2012, at 2:02 AM, CS Lee wrote:
>
> hi Carter,
>
> Have you updated ralabel? It doesn't seem to work on version 3.0.6.1 when
> I run
>
> /usr/local/stow/argusc-3.0.6.1/bin/ralabel -f /nsmon/etc/ralabel.conf -S 10.10.10.1:561 -w - | ra -n -s stime proto saddr sport dir daddr dport state sco dco sas das
>    12:28:55.523218    udp      1.2.3.4.64507    <->       15.15.15.15.53     CON
>    12:28:55.597702    udp      1.2.3.4.32771    <-       2.3.4.5.53 RSP
>    12:28:55.647515    udp      1.2.3.4.60581    <->       15.15.15.15.53     CON
>
> You can see nothing shows up, if I use 3.0.5.34, it seems to be working.
> My ralabel.conf has these few lines enabled
>
> RALABEL_ARIN_COUNTRY_CODES=yes
> RA_DELEGATED_IP="/nsmon/file/delegated-ipv4-latest"
> RALABEL_GEOIP_ASN=yes
> RALABEL_GEOIP_ASN_FILE="/nsmon/file/GeoIPASNum.dat"
>
> Cheers!
>
> --
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>
>
> http://geek00l.blogspot.com
> http://defcraft.net
>
>
>


-- 
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
http://defcraft.net