Mark Bartlett | 4 Sep 16:59

ratop -S localhost:561 ratop[13840]: 10:57:08.317262 ratop not compiled with curses support. install ncurses and rebuild.

Having troubles using RATOP.  Every time I try and use it I get this error:

[root@snakeeyes argus-clients-3.0.2.beta.12]# ratop -S localhost:561
ratop[13840]: 10:57:08.317262 ratop not compiled with curses support.
install ncurses and rebuild.

Here are the ncurses packages I have installed:

[root@snakeeyes argus-clients-3.0.2.beta.12]# yum list | grep ncurses
ncurses.i386                              5.5-24.20060715              installed
ncurses-devel.i386                        5.5-24.20060715              installed

Is there a specific way I need to 'compile' ratop???

I am running on the following:

[root@snakeeyes /]# cat /etc/redhat-release
CentOS release 5.3 (Final)

[root@snakeeyes /]# uname -a
Linux snakeeyes.??.com  2.6.18-128.1.10.el5 #1 SMP Thu May 7 10:39:21 EDT 2009 i686 i686 i386 GNU/Linux

Thanks..

Bartola

Carter Bullard | 4 Sep 19:44

Re: ratop -S localhost:561 ratop[13840]: 10:57:08.317262 ratop not compiled with curses support. install ncurses and rebuild.

Hey Mark,
The clients find curses when you do the ./configure.  If you haven't done this
since installing, try:

    % make clobber
    % ./configure
    % make

Check that the ./configure finds either ncurses or curses.  If not send email.
You can type "./configure --help" and it will show you some options that
may be able to fix any problems you may have.

Carter

On Sep 4, 2009, at 10:59 AM, Mark Bartlett wrote:

> Having troubles using RATOP.  Every time I try and use it I get this error:
>
> [root@snakeeyes argus-clients-3.0.2.beta.12]# ratop -S localhost:561
> ratop[13840]: 10:57:08.317262 ratop not compiled with curses support.
> install ncurses and rebuild.
>
> Here are the ncurses packages I have installed:
>
> [root@snakeeyes argus-clients-3.0.2.beta.12]# yum list | grep ncurses
> ncurses.i386                              5.5-24.20060715              installed

Mark Bartlett | 4 Sep 22:44

Re: ratop -S localhost:561 ratop[13840]: 10:57:08.317262 ratop not compiled with curses support. install ncurses and rebuild.

That worked.. Thanks Carter!!!  Have a great 3 day weekend..

mab

On Fri, Sep 4, 2009 at 1:44 PM, Carter Bullard<carter <at> qosient.com> wrote:
> Hey Mark,
> The clients find curses when you do the ./configure.  If you haven't done this
> since installing, try:
>
>   % make clobber
>   % ./configure
>   % make
>
> Check that the ./configure finds either ncurses or curses.  If not send email.
> You can type "./configure --help" and it will show you some options that
> may be able to fix any problems you may have.
>
> Carter
>
> On Sep 4, 2009, at 10:59 AM, Mark Bartlett wrote:
>
>> Having troubles using RATOP.  Every time I try and use it I get this error:
>>
>> [root@snakeeyes argus-clients-3.0.2.beta.12]# ratop -S localhost:561
>> ratop[13840]: 10:57:08.317262 ratop not compiled with curses support.
>> install ncurses and rebuild.
>>
>> Here are the ncurses packages I have installed:

Carter Bullard | 9 Sep 15:50

Re: [PATCH] Fixed bug for 'syn' filtering

Hey Yun,
Thanks for the fix!!!!!
We discussed this on the mailing list briefly, and I think the best approach
is to introduce a "tcpflags" keyword, for the "syn or ack or push and reset" 
like TCP flags filter, and keep "syn" as a keyword, just as you implemented
your change.

It will take me a little while to schedule the fix into the code, so bear with
me and remind me if it seems that the fix isn't getting into the code.

Carter

On Sep 8, 2009, at 5:45 AM, Yun Zheng Hu wrote:

Hello Carter,

I attached a patch that allows the argus clients to filter on the 'syn' flag. It was previously not possible; it would match syn + ack, although it should only match syn.

Regards,
Yun
<argus-clients-3.0.0-syn-grammar.patch>

Attachment (smime.p7s): application/pkcs7-signature, 3815 bytes
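
The difference Yun describes, matching any record that carries SYN versus matching SYN alone, comes down to how the TCP flags byte is tested. The C sketch below is an added illustration, not the patch or argus code; the function names and the sample flag values are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* TCP header flag bits as defined in RFC 793. */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PSH 0x08
#define TH_ACK 0x10

/* Loose test: true when every bit in `want` is set. Other bits are
 * ignored, so SYN+ACK also satisfies a test for SYN. */
int flags_contain(uint8_t flags, uint8_t want) {
    return (flags & want) == want;
}

/* Strict test: among the bits in `care`, exactly the bits in `want`
 * are set. With care = SYN|ACK and want = SYN, SYN+ACK is rejected. */
int flags_exact(uint8_t flags, uint8_t want, uint8_t care) {
    return (flags & care) == want;
}

/* Constructed sample: one flags byte per observed segment. */
static const uint8_t sample[] = {
    TH_SYN, TH_SYN | TH_ACK, TH_ACK, TH_PSH | TH_ACK,
    TH_RST | TH_ACK, TH_SYN, TH_FIN | TH_ACK
};
#define NSAMPLE (sizeof sample / sizeof sample[0])

/* Number of sample entries selected by the loose "syn" test. */
size_t count_syn_loose(void) {
    size_t n = 0;
    for (size_t i = 0; i < NSAMPLE; i++)
        n += flags_contain(sample[i], TH_SYN) ? 1 : 0;
    return n;
}

/* Number of sample entries selected when SYN must appear without ACK. */
size_t count_syn_only(void) {
    size_t n = 0;
    for (size_t i = 0; i < NSAMPLE; i++)
        n += flags_exact(sample[i], TH_SYN, TH_SYN | TH_ACK) ? 1 : 0;
    return n;
}

int main(void) {
    printf("loose syn: %zu, syn only: %zu\n", count_syn_loose(), count_syn_only());
    return 0;
}
```
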
CS Lee | 10 Sep 07:02

ASN

hey carter,

I have these two lines in my ralabel.conf

RALABEL_GEOIP_ASN=yes
RALABEL_GEOIP_ASN_FILE="/Users/geek00l/Downloads/GEOIP/GeoIPASNum.dat"

I use the command -

ralabel -f ralabel.conf -r argus.out -w - | ra -s label

But nothing shows up, the GeoIP city does work though. I'm using argus client 3.0.2.beta.12


Thanks.

--
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
http://defcraft.net

CS Lee | 10 Sep 08:04

argus ralabel geoip

hi Carter and all,

In the ralabel.conf, you have these two lines -

#    Working examples could be:
#       RALABEL_GEOIP_CITY="saddr,daddr:lat/lon"
#       RALABEL_GEOIP_CITY="*:city,region,cname,lat,lon"

I think it is long instead of lon for longitude or it won't work. Just pointing it out here in case anyone is using this and doesn't get it to work.

Cheers ;)

--
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
http://defcraft.net

CS Lee | 10 Sep 08:30

Argus geoip asn

hi all,

For anyone who wants to use asn reporting, I just realized that asn is in a different set of fields instead of inside label, so the fields to print out asn in argus records are

sas
das

So now you can actually filter, sort by the asn. Cheers ;)

Carter, just forget my previous question where I asked about asn in label

Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
http://defcraft.net

Carter Bullard | 10 Sep 14:11

Re: ASN

How about
   ra -s sas das

to print the values?

Carter

On Sep 10, 2009, at 1:02 AM, CS Lee wrote:

hey carter,

I have these two lines in my ralabel.conf

RALABEL_GEOIP_ASN=yes
RALABEL_GEOIP_ASN_FILE="/Users/geek00l/Downloads/GEOIP/GeoIPASNum.dat"

I use the command -

ralabel -f ralabel.conf -r argus.out -w - | ra -s label

But nothing shows up, the GeoIP city does work though. I'm using argus client 3.0.2.beta.12


Thanks.

--
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
http://defcraft.net

Attachment (smime.p7s): application/pkcs7-signature, 3815 bytes
CS Lee | 10 Sep 14:30

Re: argus ralabel geoip

hi carter,

Alright, yeah make it 3 characters standard ;)

So all features in ralabel seem to work, my next test will be on argus sql and new radium features, I will report my doing.

Thanks!

On Thu, Sep 10, 2009 at 8:13 PM, Carter Bullard <carter <at> qosient.com> wrote:
I think "lon" is the preferred way of referring to longitude, so
I'll fix the parser to match on "lon".

Carter

On Sep 10, 2009, at 2:04 AM, CS Lee wrote:

hi Carter and all,

In the ralabel.conf, you have these two lines -

#    Working examples could be:
#       RALABEL_GEOIP_CITY="saddr,daddr:lat/lon"
#       RALABEL_GEOIP_CITY="*:city,region,cname,lat,lon"

I think it is long instead of lon for longitude or it won't work. Just pointing it out here in case anyone is using this and doesn't get it to work.

Cheers ;)

--
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
http://defcraft.net




--
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
http://defcraft.net
CS Lee | 10 Sep 14:16

Re: ASN

hi carter,

I have already figured it out and emailed the list, anyway thanks ;)

On Thu, Sep 10, 2009 at 8:11 PM, Carter Bullard <carter <at> qosient.com> wrote:
How about
   ra -s sas das

to print the values?

Carter

On Sep 10, 2009, at 1:02 AM, CS Lee wrote:

hey carter,

I have these two lines in my ralabel.conf

RALABEL_GEOIP_ASN=yes
RALABEL_GEOIP_ASN_FILE="/Users/geek00l/Downloads/GEOIP/GeoIPASNum.dat"

I use the command -

ralabel -f ralabel.conf -r argus.out -w - | ra -s label

But nothing shows up, the GeoIP city does work though. I'm using argus client 3.0.2.beta.12


Thanks.

--
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
http://defcraft.net




--
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
http://defcraft.net
