Problem labeling with ASN numbers

Jesse Bowling jessebowling at gmail.com
Tue Feb 25 14:04:08 EST 2014


Hello,

I'm having issues labeling flows with their ASN numbers. I would appreciate
any pointers on how to work through this issue. Using the following setup:

# ralabel --version
RaLabeler Version 3.0.7.19

# egrep -v '^#|^[ \t]*$' /etc/ralabel.conf
RALABEL_GEOIP_ASN=yes
RALABEL_GEOIP_ASN_FILE="/usr/local/share/GeoIP/GeoIPASNum.dat"
RALABEL_GEOIP_V6_ASN_FILE="/usr/local/share/GeoIP/GeoIPASNumv6.dat"

# ralabel -D 3 -f /etc/ralabel.conf -r test.argus -s stime label -N 10
ralabel[11976.0047da51b27f0000]: 02/25/14 14:03:54.951989 ArgusAddFileList
(0x518ac010, test.argus, 1, -1, -1) returning 1
ralabel[11976.0047da51b27f0000]: 02/25/14 14:03:54.955412
RaLabelParseResourceFile (/etc/ralabel.conf) returning 0
ralabel[11976.0047da51b27f0000]: 02/25/14 14:03:54.955498
ArgusReadConnection() read 16 bytes
ralabel[11976.0047da51b27f0000]: 02/25/14 14:03:54.955517
ArgusReadConnection() read 112 bytes
ralabel[11976.0047da51b27f0000]: 02/25/14 14:03:54.955877
ArgusParseInit(0x7fb2518ac010 0x7fb25183b010
ralabel[11976.0047da51b27f0000]: 02/25/14 14:03:54.955896
ArgusReadConnection(0x5183b010, 1) returning 1
                     StartTime                     Label
      02/25/14 12:01:07.897347
      02/25/14 13:00:00.000000
      02/25/14 13:00:01.231979
      02/25/14 13:00:00.491826
      02/25/14 13:00:00.000000
      02/25/14 13:00:00.000000
      02/25/14 13:00:00.018068
      02/25/14 13:00:00.000000
      02/25/14 13:00:00.000000
      02/25/14 13:00:00.000000
      02/25/14 13:00:00.000000
ralabel[11976.0047da51b27f0000]: 02/25/14 14:03:54.956353
ArgusCloseInput(0x5183b010) closing
ralabel[11976.0047da51b27f0000]: 02/25/14 14:03:54.956377
ArgusCloseInput(0x5183b010) done
ralabel[11976.0047da51b27f0000]: 02/25/14 14:03:54.956385 main:
ArgusReadFileStream (test.argus) done
ralabel[11976.0047da51b27f0000]: 02/25/14 14:03:54.956408 main: reading
files completed
ralabel[11976.0047da51b27f0000]: 02/25/14 14:03:54.956415 ArgusShutDown (0)
ralabel[11976.0047da51b27f0000]: 02/25/14 14:03:54.956421 RaParseComplete
(0) returning
ralabel[11976.0047da51b27f0000]: 02/25/14 14:03:54.956429
RaParseComplete(caught signal 0)


-- 
Jesse Bowling