Argus Printf Statement

Wed Jul 12 16:00:27 EDT 2000

I like the '_'.  Go for it.

	...cd

> -----Original Message-----
> From: owner-argus at lists.andrew.cmu.edu
> [mailto:owner-argus at lists.andrew.cmu.edu]On Behalf Of Carter Bullard
> Sent: Wednesday, July 12, 2000 12:37 PM
> To: 'Peter Van Epp'; 'argus'
> Subject: RE: Argus Printf Statement
> 
> 
> Consensus is brewing.  I think I prefer '_' as a
> delimiter, since ':' may be in the time field, and
> '_' shouldn't be anywhere.  Right now we have a
> few switches available, and I think we can find a
> command line switch to do the right thing.
> 
> Do we want to specify the delimiter or have it go
> to a specific one?
> 
> Carter
> 
> 
> -----Original Message-----
> From: owner-argus at lists.andrew.cmu.edu
> [mailto:owner-argus at lists.andrew.cmu.edu]On Behalf Of Peter Van Epp
> Sent: Wednesday, July 12, 2000 3:25 PM
> To: argus
> Subject: Re: Argus Printf Statement
> 
> 
> > 
> > How about something like,
> > 
> > Wed:07/12:00:50:47:icmp:128.1.1.3:<->:128.1.0.1:10:10:::
> > 
> > and leave null the unused fields.  Comments?  This would let us write
> > filters
> > easily and be assured that we'd have consistent data in the fields.
> > 
> > 	...cd
> 
> 	Yep I like this one. My way around the current one is to switch to 
> fixed records, but it is a kludge:
> 
>         ($date, $flag, $rest) = unpack("A18 A5 A200",$_);
> 	
> This deals with the possibly blank flag field in the middle, but 
> I agree it
> would be much more desirable to be able to do a split on /:/ to separate
> the fields (including those that are blank).
> 
> Peter Van Epp / Operations and Technical Support 
> Simon Fraser University, Burnaby, B.C. Canada
> 