ralabel country code mapping
CS Lee
geek00l at gmail.com
Tue Apr 21 04:14:37 EDT 2009
hi carter,
I'm using argus latest beta(3.0.2.beta.5) on mac osx.
I try to use ralabel to add country code to sco and dco field to the flow
ralabel -nr argus.out -w argus-cc.out
ra -nr argus-cc.out -s +sco +dco returns nothing at all
I can use ra -F rarc -s +sco +dco as long as my rarc contains line
RA_DELEGATED_IP=delegated-ipv4-latest, but this is just to print the country
code when reading the flow, i prefer to add the country code to the flow
field sco/dco instead.
Since ralabel has config file now, can we have something more standard like
RALABEL_CC=delegated-ipv4-latest so we can point it to the code file that i
downloaded using ragetcountrycodes.sh or I remember you mention the support
for geoip support in the next version of argus.
Currently the country code label doesn't seem to work, maybe someone can
give it a spin too to check if it works correctly or my bad.
Thanks!
--
Best Regards,
CS Lee<geek00L[at]gmail.com>
http://geek00l.blogspot.com
http://defcraft.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20090421/7e30d295/attachment.html>
More information about the argus
mailing list