argus ra print field
CS Lee
geek00l at gmail.com
Thu Nov 26 07:21:50 EST 2009
hi carter,
There's one thing i see when comes to consume argus data, sometimes when
certain field has no value, it is blank. This makes the data inconsistent,
is that possible to replace the blank field as zero or null instead of
printing nothing, for example some of the fields like sttl dttl, and others
like stcpb dtcpb and so forth, for example stcpb and dtcpb, tcprtt are not
printed in icmp flow.
Thanks!
--
Best Regards,
CS Lee<geek00L[at]gmail.com>
http://geek00l.blogspot.com
http://defcraft.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20091126/54c26c29/attachment.html>
More information about the argus
mailing list