rafilteraddr issue
Phillip G Deneault
deneault at WPI.EDU
Wed Feb 3 22:09:23 EST 2010
Hello all,
I'm attempting to use rafilteraddr and I must be using it wrong, but there
isn't any authorative documentation on it. I'm using argus-clients-3.0.2
from http://qosient.com/argus/dev/ from the tarball dated 1/26/10.
Right now I'm just attemping to take a file and filter it to get a smaller
subset of records. My source file has only a handful of records and
contains my targeted IP.
I'm running:
rafilteraddr -f filtertest.txt -r /data/argusinput -w /data/argusoutput
with a file containing my one target address. If I try this command with
the one line '192.168.1.1' or '192.168.1.1/32', I get the records I
expect.
If I try '192.168.1.0/24', I get no records back at all that I should.
If I use -vf to invert my results, I get similar behavior. Filters using
the /24 are ignored, but entries with the /32 are processed correctly.
If I put more than one record in my filter list, mixing /24s and /32s, the
/24 records are ignored and the /32s are processed correctly.
Could something be parsing the file wrong? or am I doing something wrong?
Thanks,
Phil
More information about the argus
mailing list