Argus time field truncation

Drew Dixon dwdixon at umich.edu
Tue Mar 27 16:54:12 EDT 2018 

Thank you both!

This was very helpful.

Cheers,

-Drew

On Tue, Mar 27, 2018 at 1:06 PM, Mike Iglesias <iglesias at uci.edu> wrote:

> On 03/27/2018 08:22 AM, Drew Dixon wrote:
> > Hi there,
> >
> > I have a need to add the date into the stime field with ra so I've done
> so
> > using an ra.conf file:
> >
> > RA_TIME_FORMAT="%y-%m-%d %T"
> >
> > It appears to be picking up the customization in my ra.conf file but
> when I
> > test it out reading a file with ra the stime field is truncated
> (18-03-27 14*)
> > and negates the purpose of adding the date in with the time....I came
> across
> > this part of the man page:
> >
> > "Field lengths are hard constraints, and field output that exceeds the
> field
> > length will be truncated, and a '*' will be inserted as the last
> character.
> > /When you see this, add more to the length specification for that
> specific
> > field./"
> >
> > Which at first seems somewhat contradictory, with it stating these are
> hard
> > constraints but then that you can modify them, I suppose I'm not sure
> how I
> > would go about adding more to the length specification for that specific
> > field?  Is this indicating we would need to modify the field length
> value in
> > the argus client tools source code and recompile to increase the length
> > specification for this field?
> >
> > Any help on how I can increase the length specification for the time
> field
> > would be greatly appreciated!
>
> This is what we use
>
> RA_TIME_FORMAT="%d %b %y %T"
> RA_FIELD_WIDTH=fixed
> RA_FIELD_SPECIFIER="stime:18,ltime:18,flgs,proto,saddr,
> sport,dir,daddr,dport,spkts,dpkts,sbytes,dbytes,state"
>
>
> --
> Mike Iglesias                          Email:       iglesias at uci.edu
> University of California, Irvine       phone:       949-824-6926
> Office of Information Technology       FAX:         949-824-2270
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20180327/13a216db/attachment.html>

More information about the argus mailing list