On Mon, Apr 04, 2011 at 03:03:59PM -0500, David Faught wrote: > At Thu Feb 3 09:01:21 EST 2011, Michael W. Lucas wrote: > > >There's examples at: > > > >http://blather.michaelwlucas.com/?p=482 > > > >http://blather.michaelwlucas.com/?p=494 > > > >using this in filter.cfg: > > > >filter-definition ip-addr > > match ip-source-address VAR_ADDR > > or > > match ip-destination-address VAR_ADDR > > > >Also ip-source-address and ip-destination-address > > What version of flow-tools are you using for this? The version I have > doesn't look like it has this capability.
The latest from code.google.com. But it's been in the last several versions. Search your filter.cfg for VAR, you should find other examples. If not there, check the original source code; your OS package might have removed it. ==ml -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Network Flow Analysis http://www.networkflowanalysis.com/ [email protected], Twitter @mwlauthor _______________________________________________ Flow-tools mailing list [email protected] http://mailman.splintered.net/mailman/listinfo/flow-tools
