IP only filter?
Russell Fulton
r.fulton at auckland.ac.nz
Mon Nov 13 17:42:56 EST 2000
On Mon, 13 Nov 2000 17:10:03 -0500 Carter Bullard <carter at qosient.com>
wrote:
> Hey Russell,
> Yes, the 'ip' filter does that very thing. It also
> filters out man records, so if you want the man records
> back, you should go with "ip or man".
Great!
>
> So I run into your -n problem regularly, when
> I have a .rarc file that specifies "don't print names"
> and I use the -n option on the command line out of habit.
> Argus-1.x had it so that if you put -nn on the command
> line, all names would revert to numbers. Having the
> .rarc and a -n on the command line is the equivalent
> of -nn.
>
> Does this sound like your situation?
>
Yup, that's it. I had forgotten about the .rarc file. So everything
is as it should be.
One more question:
Is there a way of flagging streams containing fragments (like the old F
flag in 1.8)? I can extract such streams with frag filter but I would
like to be able to distinguish them when they are mixed with other flows.
If there isn't anything already then perhaps something in the status --
pity F and f are both used? Hmmm.. how about appending _F to the
status field when using -z or -Z.
Russell.