rafilteraddr issue
carter at qosient.com
carter at qosient.com
Wed Feb 3 22:23:21 EST 2010
Hey Phillip,
rafilteraddr() should do the right thing.
I'll take a look tonight to see if its straightforward.
Carter
------Original Message------
From: Phillip G Deneault
Sender: argus-info-bounces+carter=qosient.com at lists.andrew.cmu.edu
To: Argus
Subject: [ARGUS] rafilteraddr issue
Sent: Feb 3, 2010 10:09 PM
Hello all,
I'm attempting to use rafilteraddr and I must be using it wrong, but there
isn't any authorative documentation on it. I'm using argus-clients-3.0.2
from http://qosient.com/argus/dev/ from the tarball dated 1/26/10.
Right now I'm just attemping to take a file and filter it to get a smaller
subset of records. My source file has only a handful of records and
contains my targeted IP.
I'm running:
rafilteraddr -f filtertest.txt -r /data/argusinput -w /data/argusoutput
with a file containing my one target address. If I try this command with
the one line '192.168.1.1' or '192.168.1.1/32', I get the records I
expect.
If I try '192.168.1.0/24', I get no records back at all that I should.
If I use -vf to invert my results, I get similar behavior. Filters using
the /24 are ignored, but entries with the /32 are processed correctly.
If I put more than one record in my filter list, mixing /24s and /32s, the
/24 records are ignored and the /32s are processed correctly.
Could something be parsing the file wrong? or am I doing something wrong?
Thanks,
Phil
Sent from my Verizon Wireless BlackBerry
More information about the argus
mailing list