meaning of "*" in the state field?
Zi Hu
zihu at usc.edu
Wed May 7 13:57:36 EDT 2014
Got it, that's really helpful.
Thanks
-Zi
On Wed, May 7, 2014 at 10:40 AM, Carter Bullard <carter at qosient.com> wrote:
> Hey Zi,
> A ‘*’ at the end of any field indicates that the field was truncated
> due to not enough space to print the string. With the -Zb option
> you should set your state field to be 8-10 chars.
>
> In your ~/.rarc file, use something like this:
>
> RA_FIELD_SPECIFIER="stime dur flgs proto saddr sport dir daddr dport spkts
> dpkts sbytes dbytes state:10”
>
> Notice the field length specifier in the state field:
>
> state:10
>
> You can do this on the commandline:
>
> ra -s stime dur flgs proto saddr sport dir daddr dport spkts dpkts
> sbygtes dbytes state:10 -r file
>
> I’ll add this to the manpage.
>
>
> Carter
>
>
> On May 7, 2014, at 1:33 PM, Zi Hu <zihu at usc.edu> wrote:
>
> > Hi,
> >
> > When I print argus flow using "ra" with the option "-Zb", I see some
> flow state like "FPA_*".
> >
> > I understand what "F" "P" "A" means here, but what's the meaning of "*" ?
> > By the way, I didn't find an explanation in the manual:
> http://qosient.com/argus/man/man1/ra.1.pdf
> >
> > Any hints are welcomed.
> >
> > thanks
> > -Zi
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20140507/e7b7b5e5/attachment.html>
More information about the argus
mailing list