rasplit -M flow problem
Carter Bullard
carter at qosient.com
Wed Apr 22 21:56:18 EDT 2009
Hey CS Lee,
Here is the patch that fixes the "-M flow filter" option for rasplit().
rastream() will be very similar.
Carter
diff rasplit.c rasplit.c.new
265c265
< if (mode != NULL) {
---
> if ((mode = mode->nxt) != NULL) {
On Apr 21, 2009, at 4:33 AM, CS Lee wrote:
> hi carter,
>
> In rasplit man page, there is
>
> -M splitmode
> Supported spliting modes are:
> count <num>
> size <size>
> time <period>
> flow "filter-expression"
>
> When I invoke rasplit with -M flow 'tcp', it says rasplit[86169]:
> 16:30:30.153365 flow filter parse error
>
> I have tried with other filter expression but it doesn't seem to work.
>
> Cheers ;]
>
> --
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>
>
> http://geek00l.blogspot.com
> http://defcraft.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20090422/8f75d005/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20090422/8f75d005/attachment.bin>
More information about the argus
mailing list