Rastream flow option problem, FreeBSD and OS X?

Pete McKenna pete.mckenna at gmail.com
Thu Mar 19 23:48:44 EDT 2015


I'm using Argus on FreeBSD 10.1 and have the latest ports update, version
3.0.8. I get no errors when building, and most features seem just fine, but
I'd like to use the rastream -M flow "filter" option, and I get no output and
no errors when I run this command on a file. It does not matter if I am
writing to stdout or a file; nothing happens. Using -M time does work as
expected. I don't believe the clients were built with debug; I get nothing
when using -D 8 on rastream.

I also noticed that the man page for rastream details using flow, but the
-h help does not mention a flow option at all. I'd appreciate any thoughts.

I'll try to recompile with debug; is this an option to configure?

The command I'd like to run is like this:
rastream -r ../BPM_test_Cap.arg -M flow "icmp and net 10.0.0.0/23" -w - | ra -r -

The behavior is the same on OS X 10.7.5, also with the 3.0.8 clients. I have
tried using -X to clear any .rarc complications; there is no change.

Thanks

Pete