How to filter results by srcid when it is arbitrary text
The Branches
branchbunch at gmail.com
Mon Jul 25 14:50:01 EDT 2011
Carter,
I'm assigning 3-4 character textual labels as the srcid values for argus
records corresponding to different sniffing interfaces and it is working
quite nicely. One thing I have not been able to figure out yet is how
to reference the srcid in a filter expression when it is arbitrary
text. I've tried a variety of ways to do this, like:

    ra -r argus.out - "srcid eth2"
    ra -r argus.out - srcid "eth2"
    ra -r argus.out - srcid \"eth2\"
    ra -r argus.out - "srcid 'eth2'"
    ra -r argus.out - "srcid \'eth2\'"

but I always get back a syntax error complaining about the eth2 part.
It seems to consider any kind of single or double quote usage around the
eth2 part as an illegal character situation, but without using quotes it
tries to resolve eth2 to an IP number.
No press on this. My argus records from different source interfaces
drop into different filenames corresponding to the srcid anyway.
Eventually it would be nice to filter by srcid when it is arbitrary text.
Kevin