ranonymize time in v3.0.8.2

Carter Bullard via Argus-info argus-info at lists.andrew.cmu.edu
Thu Oct 20 14:01:37 EDT 2016


Hey Gabriel,
Sorry to be so late in responding to your email … somehow it fell into one of my email cracks.
You have to tell ranonymize which fields you want to change.  The default list of fields doesn’t include the time, so you have to add time to the list.  In your example:
 
   ranonymize -M +time -f ./ranon.conf -nn -r argus-collector.ra

Sorry for the delay and any confusion.
Carter   

> On Sep 27, 2016, at 1:57 PM, Gabriel L. Somlo via Argus-info <argus-info at lists.andrew.cmu.edu> wrote:
> 
> Hi,
> 
> I tried running 'ranonymize' on a data file, using v3.0.8.2 (FWIW,
> compiled from source, on an Ubuntu 14.04 box).
> 
> While both network translation (RANON_SPECIFY_NET_TRANSLATION) and
> host translation (RANON_SPECIFY_HOST_TRANSLATION) appear to work as
> advertised, I'm having trouble adjusting the timestamps by setting
> RANON_TIME_SEC_OFFSET (to e.g. "fixed:60" to bump everything up by one
> minute). Here's a screenshot of what I'm trying to do and the contents
> of my anonymizer config file:
> 
> 
> foo at bar:~$ ra  -nn -r argus-collector.ra | head
>         StartTime      Flgs  Proto            SrcAddr  Sport   Dir          
>   14:49:33.631163  e            17        10.30.30.20.123       ->       10.
>   14:49:38.197072  e    F       17     192.168.30.100.0         ->      192.
>   14:49:38.197327  e    f       17     192.168.30.100.0         ->      192.
>   14:49:38.197827  e    f       17     192.168.30.100.0         ->      192.
>   14:49:38.197829  M            17      192.168.30.30.39879    <->        10
>   14:49:38.198071  e            17      192.168.30.10.514       ->      192.
>   14:49:38.199066  e            17        10.30.30.20.6057     <->         1
>   14:49:38.199317  M             6        10.30.30.20.36450    <?>      192.
>   14:49:38.267028  M            17      192.168.30.30.33142    <->        10
> 
> foo at bar:~$ ranonymize -f ./ranon.conf  -nn -r argus-collector.ra | head
>         StartTime      Flgs  Proto            SrcAddr  Sport   Dir          
>   14:49:33.631163  e            17            1.0.2.1.123       ->          
>   14:49:38.197072  e    F       17     192.168.40.100.0         ->       192
>   14:49:38.197327  e    f       17     192.168.40.100.0         ->       192
>   14:49:38.197827  e    f       17     192.168.40.100.0         ->       192
>   14:49:38.197829  M            17       192.168.40.1.50938    <->          
>   14:49:38.198071  e            17       192.168.40.2.514       ->       192
>   14:49:38.199066  e            17            1.0.2.1.17116    <->          
>   14:49:38.199317  M             6            1.0.2.1.47509    <?>       192
>   14:49:38.267028  M            17       192.168.40.1.44201    <->          
> 
> foo at bar:~$ cat ./ranon.conf
> RANON_TIME_SEC_OFFSET=fixed:60
> RANON_SPECIFY_NET_TRANSLATION=192.168.30.0::192.168.40.0
> RANON_SPECIFY_HOST_TRANSLATION=192.168.30.100::192.168.40.100
> 
> 
> Any chance I've messed up setting the value of RANON_TIME_SEC_OFFSET ?
> 
> Any other clues and advice much appreciated!
> 
> Thanks much,
> --Gabriel
> 
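
A check for the point made in the reply above, added here as an example and not part of the original thread or of the Argus code: it pairs `ra -nn` text output from before and after `ranonymize` and counts records whose StartTime or source address came through unchanged. The function names, the assumption that both outputs list records in the same order, and the IPv4-only column match are assumptions of this example; the shifted sample is constructed.

```python
from datetime import datetime, timedelta

# First columns of three records from the `ra -nn` output quoted in the thread.
BEFORE = """\
  14:49:33.631163  e            17        10.30.30.20.123       ->
  14:49:38.197072  e    F       17     192.168.30.100.0         ->
  14:49:38.197829  M            17      192.168.30.30.39879    <->
"""
# The same records after `ranonymize -f ./ranon.conf`, as quoted in the thread.
AFTER_DEFAULT = """\
  14:49:33.631163  e            17            1.0.2.1.123       ->
  14:49:38.197072  e    F       17     192.168.40.100.0         ->
  14:49:38.197829  M            17       192.168.40.1.50938    <->
"""
# Constructed sample (not tool output): the same records with StartTime moved by 60 s.
AFTER_SHIFTED = AFTER_DEFAULT.replace("14:49:", "14:50:")

def parse(text):
    """Return (StartTime, source address) per record; header and blank lines skipped."""
    rows = []
    for line in text.splitlines():
        cols = line.split()
        if not cols or cols[0] == "StartTime":
            continue
        start = datetime.strptime(cols[0], "%H:%M:%S.%f")
        # SrcAddr.Sport is the first a.b.c.d.port token (IPv4 only, an assumption).
        src = next(c for c in cols[1:] if c.count(".") == 4)
        rows.append((start, src.rsplit(".", 1)[0]))
    return rows

def audit(before, after, offset_sec):
    """Count records whose time or source address survived anonymization."""
    b, a = parse(before), parse(after)
    if len(b) != len(a):
        raise ValueError("record counts differ; records cannot be paired")
    want, day = timedelta(seconds=offset_sec), timedelta(days=1)
    result = {"time_unshifted": 0, "addr_unchanged": 0}
    for (bt, baddr), (at, aaddr) in zip(b, a):
        # ra prints time of day only here, so compare modulo 24 h.
        if (at - bt) % day != want:
            result["time_unshifted"] += 1
        if aaddr == baddr:
            result["addr_unchanged"] += 1
    return result

if __name__ == "__main__":
    print("default field list:", audit(BEFORE, AFTER_DEFAULT, 60))
    print("with time shifted: ", audit(BEFORE, AFTER_SHIFTED, 60))
```

A non-zero `time_unshifted` count on output produced with `RANON_TIME_SEC_OFFSET` set is the symptom described in the thread: the time field was not in the list of fields to modify.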
