Argus - Cisco Netflow
carter at qosient.com
carter at qosient.com
Tue Mar 13 16:46:13 EDT 2007
Well, host:proto:port is a natural hierarchy/granularity, but it could also take the form of a URL.
proto://host:port
But I never liked that format.
Carter
Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax
-----Original Message-----
From: Christoph Badura <bad at bsd.de>
Date: Tue, 13 Mar 2007 21:37:11
To:Argus <argus-info at lists.andrew.cmu.edu>
Subject: Re: [ARGUS] Argus - Cisco Netflow
Hey Carter,
On Tue, Mar 13, 2007 at 03:07:57PM -0400, Carter Bullard wrote:
> the ra* programs will be extended to support this type of syntax:
>
> -S "host:proto:portnum"
>
> where the strategy is dervied from the proto field. Supported protos
> will be
> 'tcp', 'udp', 'pipe', whatever. Right now it is implied.
What do you use for host and portnum in the 'pipe' case?
Putting the protocol first looks more "natural" to me. E.g.:
tcp:host:portnum
udp:host:portnum
pipe:/path/to/pipe
local:/path/to/socket # or maybe unix:...
--chris
More information about the argus
mailing list