meaning of "*" in the state field?
Carter Bullard
carter at qosient.com
Wed May 7 13:40:32 EDT 2014
Hey Zi,
A ‘*’ at the end of any field indicates that the field was truncated
due to not enough space to print the string. With the -Zb option
you should set your state field to be 8-10 chars.
In your ~/.rarc file, use something like this:
RA_FIELD_SPECIFIER="stime dur flgs proto saddr sport dir daddr dport spkts dpkts sbytes dbytes state:10”
Notice the field length specifier in the state field:
state:10
You can do this on the commandline:
ra -s stime dur flgs proto saddr sport dir daddr dport spkts dpkts sbygtes dbytes state:10 -r file
I’ll add this to the manpage.
Carter
On May 7, 2014, at 1:33 PM, Zi Hu <zihu at usc.edu> wrote:
> Hi,
>
> When I print argus flow using "ra" with the option "-Zb", I see some flow state like "FPA_*".
>
> I understand what "F" "P" "A" means here, but what's the meaning of "*" ?
> By the way, I didn't find an explanation in the manual: http://qosient.com/argus/man/man1/ra.1.pdf
>
> Any hints are welcomed.
>
> thanks
> -Zi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20140507/e1c4185e/attachment.sig>
More information about the argus
mailing list