Argus Printf Statement
Carter Bullard
carter at qosient.com
Wed Jul 12 15:37:18 EDT 2000
Consensus is brewing. I think I prefer '_' as a
delimiter, since ':' may be in the time field, and
'_' shouldn't be anywhere. Right now we have a
few switches available, and I think we can find a
command line switch to do the right thing.
Do we want to specify the delimiter or have it go
to a specific one?
Carter
-----Original Message-----
From: owner-argus at lists.andrew.cmu.edu
[mailto:owner-argus at lists.andrew.cmu.edu]On Behalf Of Peter Van Epp
Sent: Wednesday, July 12, 2000 3:25 PM
To: argus
Subject: Re: Argus Printf Statement
>
> How about something like,
>
> Wed:07/12:00:50:47:icmp:128.1.1.3:<->:128.1.0.1:10:10:::
>
> and leave null the unused fields. Comments? This would let us write
> filters
> easily and be assured that we'd have consistent data in the fields.
>
> ...cd
Yep I like this one. My way around the current one is to switch to
fixed records, but it is a kludge:
($date, $flag, $rest) = unpack("A18 A5 A200",$_);
This deals with the possibly blank flag field in the middle, but I agree it
would be much more desirable to be able to do a split on /:/ to separate
the fields (including those that are blank).
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
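
An added example, not part of the original thread or of Argus itself: it shows the two parsing issues the messages touch on, a ':' delimiter colliding with the colons in the time field, and keeping blank fields when splitting. Both sample records are constructed for illustration (the first copies the line proposed above, the second is an assumed '_'-delimited rendering of it), and fields() is a hypothetical helper.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample records (not real Argus output).
# $colon_rec is the ':'-delimited line proposed in the thread.
# $under_rec is an assumed '_'-delimited form of the same record, with the
# timestamp kept together as a single field.
my $colon_rec = 'Wed:07/12:00:50:47:icmp:128.1.1.3:<->:128.1.0.1:10:10:::';
my $under_rec = 'Wed 07/12 00:50:47_icmp_128.1.1.3_<->_128.1.0.1_10_10___';

# Hypothetical helper: split a record on a literal delimiter.
# With $keep_trailing set, a limit of -1 is passed so that Perl's split
# does not discard empty fields at the end of the record.
sub fields {
    my ($rec, $delim, $keep_trailing) = @_;
    my $re = quotemeta $delim;
    return $keep_trailing ? split(/$re/, $rec, -1) : split(/$re/, $rec);
}

# Run each record through both split modes and show every field in
# brackets, so empty fields and a fragmented timestamp are visible.
for my $case (
    [ "':' default split", $colon_rec, ':', 0 ],
    [ "':' limit -1",      $colon_rec, ':', 1 ],
    [ "'_' default split", $under_rec, '_', 0 ],
    [ "'_' limit -1",      $under_rec, '_', 1 ],
) {
    my ($label, $rec, $delim, $keep) = @$case;
    my @f = fields($rec, $delim, $keep);
    printf "%-18s %2d fields: %s\n", $label, scalar @f,
        join(' ', map { "[$_]" } @f);
}
```

Perl's split drops trailing empty fields unless given a negative limit, so a filter that relies on a fixed field count needs the -1 form; with ':' the timestamp is also broken into separate fields, which the '_' record avoids.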