argus-clients 3.0.7.25
CS Lee
geek00l at gmail.com
Wed Apr 30 22:49:37 EDT 2014
hi Carter,
I grabbed the latest argus clients and still have problem with the filter,
for example
ra -nr ssh-normal.arg3 -s saddr daddr pcr
SrcAddr DstAddr PCRatio
192.168.221.1 192.168.221.128 -0.320590
192.168.221.1 192.168.221.128 -1.000000
192.168.221.1 192.168.221.128 -0.758157
192.168.221.1 192.168.221.128 -0.973510
192.168.221.1 192.168.221.128 -0.771429
192.168.221.1 192.168.221.128 -0.901993
192.168.221.1 192.168.221.128 -0.261261
192.168.221.1 192.168.221.128 -0.137255
192.168.221.1 192.168.221.128 -0.411765
192.168.221.1 192.168.221.128 -0.088608
192.168.221.1 192.168.221.128 0.000000
192.168.221.1 192.168.221.128 0.000000
192.168.221.1 192.168.221.128 -0.024390
192.168.221.1 192.168.221.128 -0.032258
192.168.221.1 192.168.221.128 -0.573333
192.168.221.1 192.168.221.128 -0.087719
Looks good if I just use the filter to match rounded value -
ra -nr ssh-normal.arg3 -s saddr daddr pcr - 'pcr eq 0'
SrcAddr DstAddr PCRatio
192.168.221.1 192.168.221.128 0.000000
192.168.221.1 192.168.221.128 0.000000
ra -nr ssh-normal.arg3 -s saddr daddr pcr - 'pcr eq -1'
SrcAddr DstAddr PCRatio
192.168.221.1 192.168.221.128 -1.000000
For floating value, it seems not working -
ra -nr ssh-normal.arg3 -s saddr daddr pcr - 'pcr eq -0.573333'
No output
ra -nr ssh-normal.arg3 -s saddr daddr pcr - 'pcr eq -0.024390'
No output
--
Best Regards,
CS Lee<geek00L[at]gmail.com>
http://geek00l.blogspot.com
http://defcraft.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20140501/ef712e92/attachment.html>
More information about the argus
mailing list