Bug with malformed host in filter
elof2 at sentor.se
elof2 at sentor.se
Mon Feb 25 09:02:47 EST 2013
Hi Carter!
I stumbled on to a bug when accidentally executing a ra command with an
incomplete IP address.
Strangely enough, the error-detection make different descisions depending
of its place in the filter string.
Example:
#ra -Zb -nr argus.log - host 10.10.10.10 and host 10
pid 1907 (ra), uid 0: exited on signal 11 (core dumped)
host 10.10.10.10 and host 10 filter syntax error
The filter "tcp and host 10" and other elements before "host 10" also
fail.
However, a filter of just "host 10" by itself does not fail, nor does
"host 10 and host 10.10.10.10"
(ra version 3.0.6.2)
/Elof
More information about the argus
mailing list