IP only filter?
Carter Bullard
carter at qosient.com
Mon Nov 13 17:10:03 EST 2000
Hey Russell,
Yes, the 'ip' filter does that very thing. It also
filters out man records, so if you want the man records
back, you should go with "ip or man".
So I run into your -n problem regularly, when
I have a .rarc file that specifies "don't print names"
and I use the -n option on the command line out of habit.
Argus-1.x had it so that if you put -nn on the command
line, all names would revert to numbers. Having the
.rarc and a -n on the command line is the equivalent
of -nn.
Does this sound like your situation?
Carter
-----Original Message-----
From: owner-argus at lists.andrew.cmu.edu
[mailto:owner-argus at lists.andrew.cmu.edu]On Behalf Of Russell Fulton
Sent: Monday, November 13, 2000 4:58 PM
To: Argus (E-mail)
Subject: IP only filter?
Hi Carter,
Does 'ip' filter out non IP traffic in the client filters? I
am only interested in IP traffic since nothing else will ever leave or
enter our network. It seems to 'do the right thing' but I thought I
would just check.
I think I have reported this one before and it got 'fixed' but has now
reverted ('u' dist): -n and 'delimited fields' prints the protocol as
numbers instead of words (tcp, icmp, udp...). This is at variance with
the normal output where the protocol is unaffected by -n. I don't mind
much which way we do it so long as it does not keep changing ;-)
There is some logic to having it this way since one could assume that
'delimited field' output will be going to a program and comparison/
sorting of numbers is cheaper than strings and we can always convert
them back for output if needed.
Russell.