rasplit -M flow problem
CS Lee
geek00l at gmail.com
Tue Apr 21 12:03:21 EDT 2009
hi carter,
Same error with the filter you mentioned.
Thanks!
On Tue, Apr 21, 2009 at 7:16 PM, <carter at qosient.com> wrote:
> Hmmmm,
> I'll look at this tonight. The idea here is to use an improbable flow as a
> traffic marker, and to change collection targets using that flow as the
> trigger.
>
> "tcp" would not be a good trigger. More like "echo and host A and B".
>
> Carter
>
> Sent from my Verizon Wireless BlackBerry
>
> ------------------------------
> *From*: CS Lee
> *Date*: Tue, 21 Apr 2009 16:33:19 +0800
> *To*: Argus<argus-info at lists.andrew.cmu.edu>
> *Subject*: [ARGUS] rasplit -M flow problem
> hi carter,
>
> In rasplit man page, there is
>
> -M splitmode
> Supported spliting modes are:
> count <num>
> size <size>
> time <period>
> flow "filter-expression"
>
> When I invoke rasplit with -M flow 'tcp', it says rasplit[86169]:
> 16:30:30.153365 flow filter parse error
>
> I have tried with other filter expression but it doesn't seem to work.
>
> Cheers ;]
>
> --
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>
>
> http://geek00l.blogspot.com
> http://defcraft.net
>
--
Best Regards,
CS Lee<geek00L[at]gmail.com>
http://geek00l.blogspot.com
http://defcraft.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20090422/2d59e083/attachment.html>
More information about the argus
mailing list