ralabel country code mapping
carter at qosient.com
carter at qosient.com
Tue Apr 21 07:22:59 EDT 2009
All ra* programs add country codes the same, but getting the codes into the records for output requires a slightly different set of steps.
There are relabel.conf variables to do this, but it also needs to know where the delegated file is. What does your ralabel.conf file look like?
Carter
Sent from my Verizon Wireless BlackBerry
-----Original Message-----
From: CS Lee <geek00l at gmail.com>
Date: Tue, 21 Apr 2009 16:14:37
To: Argus<argus-info at lists.andrew.cmu.edu>
Subject: [ARGUS] ralabel country code mapping
hi carter,
I'm using argus latest beta(3.0.2.beta.5) on mac osx.
I try to use ralabel to add country code to sco and dco field to the flow
ralabel -nr argus.out -w argus-cc.out
ra -nr argus-cc.out -s +sco +dco returns nothing at all
I can use ra -F rarc -s +sco +dco as long as my rarc contains line
RA_DELEGATED_IP=delegated-ipv4-latest, but this is just to print the country
code when reading the flow, i prefer to add the country code to the flow
field sco/dco instead.
Since ralabel has config file now, can we have something more standard like
RALABEL_CC=delegated-ipv4-latest so we can point it to the code file that i
downloaded using ragetcountrycodes.sh or I remember you mention the support
for geoip support in the next version of argus.
Currently the country code label doesn't seem to work, maybe someone can
give it a spin too to check if it works correctly or my bad.
Thanks!
--
Best Regards,
CS Lee<geek00L[at]gmail.com>
http://geek00l.blogspot.com
http://defcraft.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20090421/b5feccba/attachment.html>
More information about the argus
mailing list