Unusual country codes showing up

Carter Bullard carter at qosient.com
Wed Mar 6 08:09:44 EST 2013


What version of the clients? Use 3.0.7.5 if you can; we fixed a country code problem a while ago. If you are using a 3.0.7.x, send a set of data that generates the error.

Carter

On Mar 5, 2013, at 9:24 PM, Craig Merchant <cmerchant at responsys.com> wrote:

> We use some of the private address spaces internally.  Using radium to label the flows, connecting any of the ra clients to radium and using “-s +dco,+sco” is showing strange country codes for internal address ranges.  Codes like:  pu, ap, in, la, tm.
>  
> I ran the script in the support directory to update all of the delegated-*-latest and copied the delegated-ipv4-latest file to /usr/local/argus.
>  
> The ralabel.conf file referenced by radium is:
>  
> RALABEL_IANA_ADDRESS=yes
> RALABEL_IANA_ADDRESS_FILE="/usr/local/argus/responsys-iana-file"
> RALABEL_ARIN_COUNTRY_CODES=yes
> RA_DELEGATED_IP="/usr/local/argus/delegated-ipv4-latest"
> #RALABEL_BIND_NAME="all"
> RALABEL_IANA_PORT=no
> #RALABEL_IANA_PORT_FILE="/usr/local/argus/iana-port-numbers"
> RALABEL_ARGUS_FLOW=no
> RALABEL_ARGUS_FLOW_FILE="/usr/local/argus/label-file"
> #RALABEL_GEOIP_ASN=yes
> #RALABEL_GEOIP_ASN_FILE="/usr/local/share/GeoIP/GeoIPASNum.dat"
> #    objects, in whatever order you like, as the RALABLE_GEOPIP_CITY string
> #       RALABEL_GEOIP_CITY="saddr,daddr:lat/lon"
> #       RALABEL_GEOIP_CITY="*:city,region,cname,lat,lon"
> RALABEL_GEOIP_CITY="saddr,daddr,inode:cname"
> RALABEL_GEOIP_CITY_FILE="/usr/local/argus/GeoIPCity.dat"
>  
> Although I haven’t tested it exhaustively, it *seems* that the unusual pairs of letters in the unusual country codes show up together in the label field for each flow.
>  
> Thanks.
>  
> Craig