Does the -Zb switch have some magic incantation?
Paul Schmehl
pschmehl_lists at tx.rr.com
Mon Oct 15 16:51:43 EDT 2012
I'm working on a rasqlinsert routine for feeding a database with argus
data. I have one last hurdle to overcome.
Here's my conf file:

    RA_TIME_FORMAT="%G-%m-%d %T
    RA_FIELD_SPECIFIER="stime saddr daddr sport dport sbytes dbytes flgs
    RA_PRINT_NAMES="none"

When I run this command line:

    ra -Z b -F rasqlinsert.conf -r /var/data/nsm/argus/2012-10-14/argus.log.2012-10-14.16\:00\:00.bz2

It gives me this output:

    2012-10-14 12:00:14 184.72.15.121 129.110.10.35 36584 53 90 144 e
    2012-10-14 12:00:14 10.19.1.200 192.124.233.27 60844 80 2142 6038 e
    2012-10-14 12:00:14 10.19.1.200 192.124.233.27 60845 80 2763 1334 e
    2012-10-14 12:00:14 184.72.15.121 129.110.10.35 31152 53 90 106 e
    2012-10-14 12:00:14 10.174.48.37 171.161.148.172 45333 443 66 66 e
    2012-10-14 12:00:14 10.174.48.37 171.161.148.172 45338 443 66 66 e
    2012-10-14 12:00:14 10.174.48.37 171.161.148.172 45331 443 66 66 e
    2012-10-14 12:00:14 10.174.48.37 171.159.100.181 48308 443 66 66 e
    2012-10-14 12:00:14 10.160.75.17 50.31.149.59 54778 80 862 701 e
    2012-10-14 12:00:14 10.110.65.158 199.47.217.146 58944 80 245 293 e
    2012-10-14 12:00:14 69.175.54.106 129.110.180.172 50014 443 60 0 e
    2012-10-14 12:00:14 10.19.1.200 64.94.107.30 60847 80 694 2900 e
    2012-10-14 12:00:14 10.19.1.200 64.94.107.30 60846 80 694 2900 e i

But -Z b should be giving me S SA or PA PA, etc. What am I doing wrong?
--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very
intelligent person could believe in them." George Orwell