rasplit -M flow problem
carter at qosient.com
Tue Apr 21 07:16:02 EDT 2009
Hmmmm,
I'll look at this tonight. The idea here is to use an improbable flow as a traffic marker, and to change collection targets using that flow as the trigger.
"tcp" would not be a good trigger. More like "echo and host A and B".
Carter
-----Original Message-----
From: CS Lee <geek00l at gmail.com>
Date: Tue, 21 Apr 2009 16:33:19
To: Argus<argus-info at lists.andrew.cmu.edu>
Subject: [ARGUS] rasplit -M flow problem
Hi Carter,
In the rasplit man page, there is
-M splitmode
Supported spliting modes are:
count <num>
size <size>
time <period>
flow "filter-expression"
When I invoke rasplit with -M flow 'tcp', it says rasplit[86169]:
16:30:30.153365 flow filter parse error
I have tried with other filter expression but it doesn't seem to work.
Cheers ;]
--
Best Regards,
CS Lee<geek00L[at]gmail.com>
http://geek00l.blogspot.com
http://defcraft.net