[ARGUS] Argus error in packet size and bytes
Carter Bullard
carter at qosient.com
Thu Jun 2 10:15:48 EDT 2022
Hey Sehan,
You aren’t doing anything wrong … my bad … I didn’t finish a needed change in master for the mysql code … for some reason my test machine didn’t have mysql installed …
OK fetch and pull the code from GitHub again and all should be well ...
Carter
> On Jun 1, 2022, at 9:14 AM, Sehan Samarakoon <sehan6996 at gmail.com> wrote:
>
> Hi Carter,
>
> Thanks for the reply. I'm running argus on a Kali linux and was only able to install argus through "sudo apt-get install". So I have been using the version 3.0.8.2 as shown in here.
> <argus_ver.png>
> I have been trying to get the source code from github but the following message is given and argus is not installed when I give the "make" command.
>
> <Screenshot_2022-06-01_09-05-37.png>
> Any idea what I'm doing wrong?
>
> -Sehan
>
>
>
>
>
> On Tue, 31 May 2022 at 16:29, Carter Bullard <carter at qosient.com <mailto:carter at qosient.com>> wrote:
> Hey Sehan,
> There are a few questions to go through …
>
> What version are you using ? … the current version is 3.0.8.4, be sure and get the latest software releases from https://github.com/openargus <https://github.com/openargus>
> How are you running argus ?
> How are you running ra ? …
>
> in your earlier off-list emails, you sent a screenshot where the pkts and bytes fields had no values … this is normally an argus / client version mismatch problem or you processed the .argus file and stripped the metrics dsr out of the records … getting the latest code should help. The INT you see is the value for ’state’ field. To see that the fields are blank, you can print as a CSV …
> % ra -r loic.argus -c ,
>
> Have you processed the files with other ra* commands ??? That could account for the missing metrics values ...
>
> If it is a complete mystery, then if you can share the pcap file that generates the error, I can take a look ...
>
> Carter
>
>> On May 31, 2022, at 6:43 AM, Sehan Samarakoon <sehan6996 at gmail.com <mailto:sehan6996 at gmail.com>> wrote:
>>
>> Hi,
>>
>> I have been using argus tool to convert a pcap into the argus file format. However, I'm getting an error "ArgusGenerateRecordStruct: pre ARGUS_DATA_DSR len is zero" when I read through the command ra. In addition, I'm also not getting any values for pkts and bytes fields in some of the flows. Instead it prints as INT.
>>
>> I would be really grateful to you if you can tell me if there is any way to overcome this / anything I'm doing wrong? I have been searching through internet for a very long time, only to be unsuccessful. Your response is highly appreciated.
>>
>> Thank you
>> Best Regards,
>> Sehan Samarakoon
>>
>>
>> _______________________________________________
>> argus mailing list
>> argus at qosient.com <mailto:argus at qosient.com>
>> https://pairlist1.pair.net/mailman/listinfo/argus <https://pairlist1.pair.net/mailman/listinfo/argus>
>
> _______________________________________________
> argus mailing list
> argus at qosient.com
> https://pairlist1.pair.net/mailman/listinfo/argus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20220602/06945884/attachment.htm>
More information about the argus
mailing list