adding arbitrary labels

George Jones fooologist at gmail.com
Mon Jul 26 10:37:24 EDT 2010


So, what would the ralabel.conf look like if I wanted *all* records on input
to be labeled "foo" ?

Thanks,
---George Jones

---------------------------------------cut here---------------------------------------
From: Carter Bullard <carter <at> qosient.com>
Subject: Re: adding arbitrary labels
Newsgroups: gmane.network.argus <http://news.gmane.org/gmane.network.argus>
Date: 2010-06-28 14:10:38 GMT

Hey George,
Well, you could do this (leaving out a lot of specifics)

   ... | ralabel -f ralabel.conf -w - | rasqlinsert -M label="foo" -s +label

where ralabel.conf specifies how flows are labeled and "foo" is a regular
expression that will match from the label buffer. This will insert flows
that match a particular label into a specified database table.