Flag Question

Carter Bullard carter at qosient.com
Fri Oct 1 12:50:43 EDT 2010


Hey Bartlett,
Mail list site looks good, using the link you provided.  Maybe just a transient error?

So not sure what you are asking.  Is it comparisons/descriptions of the "State" variable
with the "Flags" variable?  Both fields are pretty well documented in the ra.1 man page?

Being able to pick out these states from MySQL calls may be a challenge, as you end up
with a string in the database, say if you printed out the State field using the -z option, and
I'm not sure how to ask MySQL to match on the str[3] character, as an example.

The better question may be to ask, how can we pre-process the data to generate indexes
that can deal with this type of query?  radium() could be used to enrich/label the argus data
as it is collected, and rasqltimeindex() is right now only indexing time, but the strategy could
easily handle any field in the data.  If we had some dialog as to what we would
want to query for, that may be easiest.

Carter

On Oct 1, 2010, at 12:08 PM, Mark Bartlett wrote:

> Hello all,
> 
> is there any documentation available showing argus flag output and how
> it compares to flag options?? (E = ?, D = ?, SYN = ?, etc)
> 
> I am storing all my argus data in a database and want to create a
> couple of sql queries to display different traffic, like all SYN
> traffic, etc.
> 
> And Carter.. The "Mail Archive" link is giving me an error:
> http://news.gmane.org/gmane.network.argus.
> 
> I get this error message:
> Error GMANE-03252: Something is wrong. Perhaps something didn't match
> a group name. Perhaps something else.
> 
> 
> 
> Thanks.
> 
> Bartlett
> 



