Multi file processing by clients

Carter Bullard carter at qosient.com
Thu Sep 7 17:03:24 EDT 2000


Gentle people,
   So I'd like to get an opinion about how to support
multifile reads for argus clients.  This problem arises
because of our switch strategy, part of which we borrowed
from tcpdump(),  -r for file, -S for socket and if neither,
read from stdin.

An ideal way of dealing with multiple input files would
be to use the shell expansion. An example would be:

   ra -ncr *.gz

I'm sure many of you are getting excited just seeing
such a possibility.  Currently we are foiled because we
also borrowed the tcpdump strategy of "everything left
at the end is filter expression".  The first file gets
picked up correctly, but the next file is processed by
the filter compiler and you get an error.

A solution is to put a single '-' on the line
before the expression indicating the end of options
and the beginning of the expression.  This
would allow something like:

   ra -ncr *.gz - tcp and port 23

Situations like this will work:

   ra -r *.gz -nc tcp and port 23

because the "-nc" terminates the filename list.

I like this possibility, but habits are hard to break,
descriptions of this in the man page will not be simple,
and just putting the filter at the end without putting
the '-' is pretty convenient.

I've implemented it and it works, but that is no reason
to adopt it, as any behavior is programmable.  I'm willing
to bite the bullet for progress, any opinions??????

Carter

   

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 17A
New York, New York  10022

carter at qosient.com
Phone +1 212 813-9426
Fax   +1 212 813-9426
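
The rule proposed in the message above, sketched as an added example; it is not the argus source or the implementation the message mentions. `ra_parse`, `struct ra_args` and the buffer sizes are hypothetical, and only `-r` is assumed to take file names.

```c
#include <stdio.h>
#include <string.h>

#define MAX_FILES 64
struct ra_args {
    const char *files[MAX_FILES]; /* inputs collected after -r */
    int nfiles;
    char flags[32];               /* other single-letter switches, in order */
    char filter[512];             /* filter expression words joined by spaces */
};

/* Hypothetical parser for the proposed rule. Returns 0, or -1 on overflow. */
int ra_parse(int argc, char **argv, struct ra_args *out)
{
    int i, reading_files = 0;
    memset(out, 0, sizeof(*out));

    for (i = 1; i < argc; i++) {
        const char *a = argv[i];
        if (strcmp(a, "-") == 0) { i++; break; }   /* lone '-': options end here */
        if (a[0] == '-') {                         /* switch cluster such as -ncr */
            reading_files = 0;                     /* any new switch ends the file list */
            for (const char *p = a + 1; *p; p++) {
                size_t n = strlen(out->flags);
                if (*p == 'r') reading_files = 1;
                else if (n < sizeof(out->flags) - 1) out->flags[n] = *p;
            }
        } else if (reading_files) {                /* bare word after -r: a file name */
            if (out->nfiles == MAX_FILES) return -1;
            out->files[out->nfiles++] = a;
        } else break;                              /* bare word otherwise: filter starts */
    }
    for (; i < argc; i++) {                        /* everything left is the filter */
        size_t used = strlen(out->filter);
        if (used + strlen(argv[i]) + 2 > sizeof(out->filter)) return -1;
        if (used) out->filter[used++] = ' ';
        strcpy(out->filter + used, argv[i]);
    }
    return 0;
}

int main(int argc, char **argv)
{
    struct ra_args a;
    if (ra_parse(argc, argv, &a) != 0) return 1;
    for (int i = 0; i < a.nfiles; i++) printf("file: %s\n", a.files[i]);
    printf("flags: %s\nfilter: %s\n", a.flags, a.filter);
    return 0;
}
```

Without the lone '-' or an intervening switch, as in `ra -ncr a.gz tcp and port 23`, this sketch counts the filter words as file names.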


