latest watcher script <fwd>
Russell Fulton
r.fulton at auckland.ac.nz
Sun Aug 6 19:43:34 EDT 2000
On Fri, 4 Aug 2000 22:05:24 -0400 Carter Bullard <carter at qosient.com> wrote:
> Hey Russell,
> The '*' means that the port value is zero. We use
> zero when we merge Argus records together, so for ra()
> a zero in a port field could represent a real zero or
> a condition where it was several numbers merged together.
> So we report a meta-character rather than the value.
>
Hmmm.. I'm a bit confused as to why argus would merge udp records with
different port numbers. Given that argus does merge records then
surely it would be more sensible to have 0 represent a real zero and
use '*' to represent merged records.
Are there argus options that affect the merging of records? (this
would explain why I don't see these records here).
Cheers, Russell.