rastream 3.0.7.8, no suser duser
Dave Edelman
dedelman at iname.com
Tue May 14 11:50:35 EDT 2013
You need to tell argus to collect that data with the -U nnn option where nnn
is the number of bytes of user data you want to keep for each flow.
--Dave
> -----Original Message-----
> From: argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu
> [mailto:argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu]
> On Behalf Of Matt Brown
> Sent: Tuesday, May 14, 2013 10:51 AM
> To: argus-info at lists.andrew.cmu.edu
> Subject: [ARGUS] rastream 3.0.7.8, no suser duser
>
> Hello all/Carter,
>
> I am using rastream to write argus data to files.
>
> When I query these files using ra or racluster, suser and duser are
> not returning any data.
>
> I'm guessing it isn't being written by rastream which has been started
> as follows:
>
> rastream -S 127.0.0.1:561 -B 15s -M time 1h -w
> /var/opt/argus/%Y-%m-%d/argus_%T -f /usr/local/bin/rastream.sh
>
> How do I use rastream to record N bytes of suser and duser?
>
>
> Thanks,
>
> Matt
More information about the argus
mailing list