[ARGUS] Argus 5.0.0. archive filter by ip protocol problem.

Ming Fu via Argus-info argus-info at lists.andrew.cmu.edu
Mon Jul 22 16:56:30 EDT 2024


Hi,

Argus 5.0.0 fails to parse the BPF filter 'ip proto <num>'.

A few samples of the error message:
ra -X -F /opt/pkgs/argus-clients-e/argus/rarc -n -c, -s stime saddr dir daddr dport state -r /archive/2024-07/16/* --  'ip proto 50'
ArgusError: 2024-07-22 20:40:20.716884 filter syntax error: 'ip proto 50
ra -X -F /opt/pkgs/argus-clients-e/argus/rarc -n -c, -s stime saddr dir daddr dport state -r /archive/2024-07/16/* --  'ip proto esp'
ArgusError: 2024-07-22 20:40:24.940294 filter syntax error: 'ip proto esp'

Regards,
Ming

