rastream 3.0.7.8, no suser duser
Matt Brown
matthewbrown at gmail.com
Tue May 14 12:00:14 EDT 2013
Thanks Dave.
I found a thread where carter suggested using radump to see suser and
duser. I can see some ARP contents, but radump quickly segfaults. Why
is this?
I'm guessing rastream saves some amount of these fields by default?
I can not see these field contents with ra or racluster. Does this make sense?
Thanks for the reply,
Matt
On May 14, 2013, at 11:51 AM, Dave Edelman <dedelman at iname.com> wrote:
> You need to tell argus to collect that data with the -U nnn option where nnn
> is the number of bytes of user data you want to keep for each flow.
>
> --Dave
>
>> -----Original Message-----
>> From: argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu
>> [mailto:argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu]
>> On Behalf Of Matt Brown
>> Sent: Tuesday, May 14, 2013 10:51 AM
>> To: argus-info at lists.andrew.cmu.edu
>> Subject: [ARGUS] rastream 3.0.7.8, no suser duser
>>
>> Hello all/Carter,
>>
>> I am using rastream to write argus data to files.
>>
>> When I query these files using ra or racluster, suser and duser are
>> not returning any data.
>>
>> I'm guessing it isn't being written by rastream which has been started
>> as follows:
>>
>> rastream -S 127.0.0.1:561 -B 15s -M time 1h -w
>> /var/opt/argus/%Y-%m-%d/argus_%T -f /usr/local/bin/rastream.sh
>>
>> How do I use rastream to record N bytes of suser and duser?
>>
>>
>> Thanks,
>>
>> Matt
>
More information about the argus
mailing list