Argus - Cisco Netflow
Christoph Badura
bad at bsd.de
Tue Mar 13 16:37:11 EDT 2007
Hey Carter,
On Tue, Mar 13, 2007 at 03:07:57PM -0400, Carter Bullard wrote:
> the ra* programs will be extended to support this type of syntax:
>
> -S "host:proto:portnum"
>
> where the strategy is dervied from the proto field. Supported protos
> will be
> 'tcp', 'udp', 'pipe', whatever. Right now it is implied.
What do you use for host and portnum in the 'pipe' case?
Putting the protocol first looks more "natural" to me. E.g.:
tcp:host:portnum
udp:host:portnum
pipe:/path/to/pipe
local:/path/to/socket # or maybe unix:...
--chris
More information about the argus
mailing list