Possible bug(s) with labels and .rarc

[Craig Merchant]

I think I may have found a bug in ralabels...

If I run ralabels against radium with a properly configured ralabel.conf and label files, it works correctly (ralabel -S radium_host:561 -c "," -f /usr/local/argus/ralabel.conf -M dsrs="+label" -s "+label:200")

If I run ralabels against argusd with a properly configured ralabel.conf and label files, no labels are printed when the -w switch isn't used (ralabel -S radium_host:561 -c "," -f /usr/local/argus/ralabel.conf -M dsrs="+label" -s "+label:200")

If I run ralabels against argusd and use the -w to either send the output to a file (-w filename) or standard out (-w -), the labels will show up when that file or standard out is read by ra (ra -r - -M dsrs="+label" -s "+label:200" OR ra -r filename.argus -M dsrs="+label" -s "+label:200")

I've also found some behavior with .rarc files that I'm not sure is by design or if it's a bug.  I specified my radium host in my .rarc file.  But during some troubleshooting, I was using ra and ralabels to connect to argusd directly by using the -S argusd_host:561 switch.  When I tried to connect to argusd with the radium server configured in the .rarc file, I got two copies of all of the flows with timestamps that were milliseconds apart.

Is the -S switch supposed to override the setting in the .rarc file?  Or is it just additive?

I've sent a spreadsheet with all of the command that I ran and their results as well as the output from each offline...

Thanks

Craig

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130122/9d20ff15/attachment.html>