printf(3)ing flow variables (was "Re: Format strings.")

Dave Plonka plonka at doit.wisc.edu
Thu Feb 7 12:29:20 EST 2002


On Tue, Feb 05, 2002 at 09:17:24PM +0200, Yotam Rubin wrote:
> On Tue, Feb 05, 2002 at 01:42:00PM -0500, Carter Bullard wrote:
> > Hey Yotam,
> >    How do you envision this feature?  A kind
> > of argusprintf() type function?
> 
> Exactly. Of course, the default format will be preserved and only overridden
> if the user has specified an alternative format.

If I'm understanding you correctly, you may be able to do what you want
using the Cflow package to which I recently added argus support.
E.g.

   $ flowdumper -ne '
      printf "%s %.15s.%hu -> %.15s.%hu %hu%s %u %u\n",
         $localtime,
         $srcip,
         $srcport,
         $dstip,
         $dstport,
         $protocol,
         $TCPFlags,
         $pkts,
         $bytes
   ' argus.out
2002/01/09 17:59:51 10.42.69.10.55498 -> 10.42.69.11.25 6(SYN|FIN|ACK|PUSH|RST) 15 6139
2002/01/09 17:59:51 10.42.69.11.25 -> 10.42.69.10.55498 6(SYN|FIN|ACK|PUSH) 11 993
2002/01/09 17:59:06 10.42.69.10.45983 -> 10.42.69.11.161 17 94 7652
...

After you install Cflow, run "perldoc Cflow" for the list of flow
variables which you can print and "perldoc flowdumper" for other
examples.

Dave

P.S. The Cflow package is here:

   http://net.doit.wisc.edu/~plonka/Cflow/

-- 
plonka at doit.wisc.edu  http://net.doit.wisc.edu/~plonka  ARS:N9HZF  Madison, WI


