rafilteraddr issue
Phillip Deneault
deneault at WPI.EDU
Fri Feb 5 13:17:32 EST 2010
Hey Carter
Thanks for looking at it... any luck yet?
Phil
On 2/3/2010 10:23 PM, carter at qosient.com wrote:
> Hey Phillip,
> rafilteraddr() should do the right thing.
> I'll take a look tonight to see if its straightforward.
>
> Carter
>
> ------Original Message------
> From: Phillip G Deneault
> Sender: argus-info-bounces+carter=qosient.com at lists.andrew.cmu.edu
> To: Argus
> Subject: [ARGUS] rafilteraddr issue
> Sent: Feb 3, 2010 10:09 PM
>
> Hello all,
>
> I'm attempting to use rafilteraddr and I must be using it wrong, but there
> isn't any authorative documentation on it. I'm using argus-clients-3.0.2
> from http://qosient.com/argus/dev/ from the tarball dated 1/26/10.
>
> Right now I'm just attemping to take a file and filter it to get a smaller
> subset of records. My source file has only a handful of records and
> contains my targeted IP.
>
> I'm running:
> rafilteraddr -f filtertest.txt -r /data/argusinput -w /data/argusoutput
>
> with a file containing my one target address. If I try this command with
> the one line '192.168.1.1' or '192.168.1.1/32', I get the records I
> expect.
>
> If I try '192.168.1.0/24', I get no records back at all that I should.
>
> If I use -vf to invert my results, I get similar behavior. Filters using
> the /24 are ignored, but entries with the /32 are processed correctly.
>
> If I put more than one record in my filter list, mixing /24s and /32s, the
> /24 records are ignored and the /32s are processed correctly.
>
> Could something be parsing the file wrong? or am I doing something wrong?
>
> Thanks,
> Phil
>
>
>
>
> Sent from my Verizon Wireless BlackBerry
More information about the argus
mailing list