filter syntax error
Harry Hoffman
hhoffman at ip-solutions.net
Tue May 7 14:17:51 EDT 2013
Hi All,
Running the latest (i think) argus-clients 3.0.7.7.
I've got a setup where I have multiple src ids configured. I'm trying to
just pull records for one src id but am getting a syntax error.
[root at usher ~]# ra -nnr /var/log/argus/argus.out - srcid eth0
ra[31322]: 14:14:38.492897 srcid eth0 unknown
ra[31321]: 14:14:38.890573 srcid eth0 filter syntax error
I believe that the srcids are correct as ra can print them out.
[root at usher ~]# ra -nnr /var/log/argus/argus.out -s
saddr,sport,daddr,dport,srcid -N 3
SrcAddr Sport DstAddr Dport SrcId
172.16.255.170.123 24.124.0.251.123 eth1
72.94.xx.xxx.123 24.124.0.251.123 eth0
172.16.255.254 172.16.255.176 eth1
Is this a bug or am I doing something wrong?
Cheers,
Harry
More information about the argus
mailing list