filter syntax error

Harry Hoffman hhoffman at ip-solutions.net
Tue May 7 16:28:41 EDT 2013


Aha! thanks, Carter. I knew it was me :-)

So, if I run the command with quotes escaped I get no records returned.
But without srcid (and printing out the srcid) I get records with a
srcid as eth0.

Cheers,
Harry

On 05/07/2013 03:20 PM, Carter Bullard wrote:
> Hey Harry,
> You have to indicate that the eth0 is a string.  On my system, with bash I have to use this:
> 
>    ra - srcid \"eth0\"
> 
> Carter
> 
> 
> On May 7, 2013, at 2:17 PM, Harry Hoffman <hhoffman at ip-solutions.net> wrote:
> 
>> Hi All,
>>
>> Running the latest (i think) argus-clients 3.0.7.7.
>>
>> I've got a setup where I have multiple src ids configured. I'm trying to
>> just pull records for one src id but am getting a syntax error.
>>
>> [root at usher ~]# ra -nnr /var/log/argus/argus.out - srcid eth0
>> ra[31322]: 14:14:38.492897 srcid eth0 unknown
>> ra[31321]: 14:14:38.890573 srcid eth0 filter syntax error
>>
>>
>> I believe that the srcids are correct as ra can print them out.
>>
>> [root at usher ~]# ra -nnr /var/log/argus/argus.out -s
>> saddr,sport,daddr,dport,srcid -N 3
>>           SrcAddr  Sport            DstAddr  Dport              SrcId
>>    172.16.255.170.123          24.124.0.251.123                  eth1
>>      72.94.xx.xxx.123          24.124.0.251.123                  eth0
>>    172.16.255.254            172.16.255.176                      eth1
>>
>>
>> Is this a bug or am I doing something wrong?
>>
>> Cheers,
>> Harry
>>
> 



More information about the argus mailing list