printf(3)ing flow variables (was "Re: Format strings.")

Carter Bullard carter at qosient.com
Thu Feb 7 12:37:16 EST 2002


Hey Dave,
   Cflow could be useful if it printed out all the information
that is available from argus data.  Are you interested in
making additions?


Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter at qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com

> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu 
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of 
> Dave Plonka
> Sent: Thursday, February 07, 2002 12:29 PM
> To: argus-info at lists.andrew.cmu.edu
> Subject: printf(3)ing flow variables (was "Re: Format strings.")
> 
> 
> On Tue, Feb 05, 2002 at 09:17:24PM +0200, Yotam Rubin wrote:
> > On Tue, Feb 05, 2002 at 01:42:00PM -0500, Carter Bullard wrote:
> > > Hey Yotam,
> > >    How do you envision this feature?  A kind
> > > of argusprintf() type function?
> > 
> > Exactly. Of course, the default format will be preserved and only 
> > overridden if the user has specified an alternative format.
> 
> If I'm understanding you correctly, you may be able to do 
> what you want using the Cflow package to which I recently 
> added argus support. E.g.
> 
>    $ flowdumper -ne '
>       printf "%s %.15s.%hu -> %.15s.%hu %hu%s %u %u\n",
>          $localtime,
>          $srcip,
>          $srcport,
>          $dstip,
>          $dstport,
>          $protocol,
>          $TCPFlags,
>          $pkts,
>          $bytes
>    ' argus.out
> 2002/01/09 17:59:51 10.42.69.10.55498 -> 10.42.69.11.25 6(SYN|FIN|ACK|PUSH|RST) 15 6139
> 2002/01/09 17:59:51 10.42.69.11.25 -> 10.42.69.10.55498 6(SYN|FIN|ACK|PUSH) 11 993
> 2002/01/09 17:59:06 10.42.69.10.45983 -> 10.42.69.11.161 17 94 7652
> ...
> 
> After you install Cflow, run "perldoc Cflow" for the list of 
> flow variables which you can print and "perldoc flowdumper" 
> for other examples.
> 
> Dave
> 
> P.S. The Cflow package is here:
> 
>    http://net.doit.wisc.edu/~plonka/Cflow/

-- 
plonka at doit.wisc.edu  http://net.doit.wisc.edu/~plonka  ARS:N9HZF
Madison, WI



