Interesting artifact with this report file.
flow-cat ft* | flow-report -s /etc/flow-tools/cfg/stat.cfg -S high-level - Yields the correct list of dest ports.
flow-cat ft* | flow-report -s /etc/flow-tools/cfg/stat.cfg -S med-level
- And low-level both output the column header and the first row.. and the first row is repeated forever in a loop.
Anyone see this behavior?
Nick
stat-report high-level-rpt
type ip-destination-port
filter noise
output
format asciistat-definition high-level report high-level-rpt
stat-report low-level-rpt
type ip-source/destination-address/ip-destination-port
filter noise
output
format asciistat-definition low-level report low-level-rpt
stat-report mid-level-rpt
type ip-destination-address/ip-destination-port
filter noise
output
format asciistat-definition mid-level report mid-level-rpt
filter-primitive protocols type ip-protocol permit 6 permit 17 default deny
filter-primitive snmpdump type ip-port deny 161 deny 162 default permit
filter-primitive backnoise type ip-address-mask deny 192.168.0.0 255.255.252.0 deny 224.0.0.0 240.0.0.0 default permit
filter-primitive localdest type ip-address-mask deny 172.21.0.0 255.255.0.0 deny 10.0.0.0 255.0.0.0 deny 192.168.0.0 255.255.0.0 default permit
filter-definition noise match ip-protocol protocols match ip-source-address backnoise match ip-destination-address backnoise match ip-destination-port snmpdump match ip-destination-address localdest
--
Nick Ellson
CCDA, CCNP, CCSP, CCAI, MCSE 2000, Security+, Network+
Network Hobbyist.
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
