[ARGUS] ratop with racolor blanks our daddr

Steven L bluebluesteven at gmail.com
Fri Jul 19 16:39:21 EDT 2019 

Hi Carter,

Data set is coming off a nic via argus. I'll see if I can do the same off
of a pcap.


######################################
rarc.conf:
######################################
RA_ARGUS_SERVER=localhost:561
RA_USEC_PRECISION=2
RA_SORT_ALGORITHMS=load
RA_COLOR_SUPPORT="yes"
RA_COLOR_CONFIG="racolor.conf"


######################################
racolor.conf:
######################################
filter=""     color="all:BLACK"                           cont
filter=""     color="all:WHITE"                           cont
filter="src load eq 0"   color="saddr:BLUE" cont
filter="src load eq 0"   color="daddr:BLUE" cont


######################################
command:
######################################
ratop -F rarc.conf -H -n -s ltime idle saddr sport dir daddr dport proto
load rate bytes pkts state dur sdsb







On Fri, Jul 19, 2019 at 8:47 AM <carter at qosient.com> wrote:

> Hey Steve,
> So the color map is a bit map, and the notion that initializing all the
> bits explicitly before you start,  isn’t crazy … but not something the user
> should have to do.
> I’ll take a look at the code today … any chance you have a .racolor.conf,
> .rarc and a data set you can share that shows the problem ???
>
> Carter
>
> On Jul 19, 2019, at 9:44 AM, Steven L <bluebluesteven at gmail.com> wrote:
>
> A more "enhanced" workaround is to have the below at the top of the
> racolor.config. This will put the text back to the proper foreground color.
>
> filter=""     color="all:BLACK"      cont
> filter=""     color="all:WHITE"      cont
>
>
>
> On Thu, Jul 18, 2019 at 3:31 PM <carter at qosient.com> wrote:
>
>> So there does appear to be a bug in the parser … not sure yet what, as I
>> haven’t had a chance to look into it.
>> I’m thinking that if you put an explicit line at the top and then add
>> your logic, that you’ll be setting the text to something other than the
>> "foreground” .  Is this a workaround ???
>>
>> Carter
>>
>> On Jul 18, 2019, at 6:17 PM, Steven L <bluebluesteven at gmail.com> wrote:
>>
>> When I do this:  filter="net 0.0.0.0/0"     color="all:BLACK"
>>                 cont
>>
>> Some items are blanked out.
>> <image.png>
>>
>> When do this: filter=""     color="all:BLACK"
>> cont
>> Everything shows up. Interesting!
>> <image.png>
>>
>>
>>>>
>>>
>>
>> _______________________________________________
> argus mailing list
> argus at qosient.com
> https://pairlist1.pair.net/mailman/listinfo/argus
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20190719/fe71becb/attachment-0001.html>

More information about the argus mailing list