Argus Printf Statement
Peter Van Epp
vanepp at sfu.ca
Wed Jul 12 15:25:00 EDT 2000
>
> How about something like,
>
> Wed:07/12:00:50:47:icmp:128.1.1.3:<->:128.1.0.1:10:10:::
>
> and leave null the unused fields. Comments? This would let us write
> filters
> easily and be assured that we'd have consistent data in the fields.
>
> ...cd
Yep I like this one. My way around the current one is to switch to
fixed records, but it is a kludge:
($date, $flag, $rest) = unpack("A18 A5 A200",$_);
This deals with the possibly blank flag field in the middle, but I agree it
would be much more desirable to be able to do a split on /:/ to separate
the fields (including those that are blank).
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
More information about the argus
mailing list