Hi,
There was a very similar thread going on a few days ago - and still not
solved;
you can check it out at the link below:
http://www.mail-archive.com/pmacct-discussion@pmacct.net/msg01374.html
Yeah, I went through that link also but couldn't get the problems
solved yet.
As Paolo in that thread + Mike in this thread mentioned, I deleted
finger.pat from the directory and it increased the number of identified
http patterns, but still all the http packets are not displayed as http. The
rest is now displayed as unknown.
* see if the HTTP classifier is written correctly. Not referring only
to the regexp but to the overall syntax. The implemented format is
*veeery* sensitive to tabs, spaces, white lines, etc. So try to keep
it essential. Strip comments and empty lines out.
I also removed commented lines and other unwanted lines in the http.pat so
that it will display as follows.
http
http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\x09-\x0d -~]*(connection:|
content-type:|content-length:|date:)|post [\x09-\x0d -~]* http/[01]\.[019]
And my output of the traffic classification is shown as follows.
Here most of the http packets are still shown as unknown and some of the
ssh packets are classified as edonkey.
Thanks,
Buddhike.
--
breakIT
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
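
Added example, not part of the original message and not pmacct code: a small Python check that reduces a pattern file to the two essential lines (protocol name, regex) as advised in the thread, and reports a regex that has been broken across lines. It assumes the l7-filter style layout (`#` comments, first remaining line is the name, the rest is one regex); `normalize_pat` and `render_pat` are hypothetical names.

```python
# Added example (not pmacct code): reduce an l7-filter style .pat file to
# its essential lines and report anything that was stripped or repaired.
# Assumption: '#' starts a comment, the first remaining line is the
# protocol name, and everything after it is one regex.

def normalize_pat(text):
    """Return (protocol, regex, warnings) for the text of a .pat file."""
    warnings, kept = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip(" \t\r")
        if not line:
            warnings.append(f"line {n}: blank line dropped")
        elif line.startswith("#"):
            warnings.append(f"line {n}: comment dropped")
        else:
            if line != raw:
                warnings.append(f"line {n}: surrounding whitespace trimmed")
            kept.append(line)
    if len(kept) < 2:
        raise ValueError("need a protocol name line and a regex line")
    protocol, parts = kept[0], kept[1:]
    if any(c in protocol for c in " \t"):
        raise ValueError(f"protocol name contains whitespace: {protocol!r}")
    if len(parts) > 1:
        warnings.append(f"regex was split over {len(parts)} lines; rejoined")
    regex = "".join(parts)
    if "\t" in regex:
        warnings.append("regex contains a literal tab; use \\x09 instead")
    return protocol, regex, warnings


def render_pat(protocol, regex):
    """Serialise back to exactly two lines with a single trailing newline."""
    return f"{protocol}\n{regex}\n"


# Constructed sample: the http pattern from the message, with a comment,
# a blank line, trailing spaces and the regex wrapped as an e-mail would.
SAMPLE = (
    "# HTTP - HyperText Transfer Protocol\n"
    "\n"
    "http  \n"
    "http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\\x09-\\x0d -~]*(connection:|\n"
    "content-type:|content-length:|date:)|post [\\x09-\\x0d -~]* http/[01]\\.[019]\n"
)

if __name__ == "__main__":
    proto, rx, notes = normalize_pat(SAMPLE)
    print(render_pat(proto, rx) + "\n".join("warning: " + n for n in notes))
```

Trimming and rejoining discard whitespace at the ends of each line, so a pattern that relies on a space at a wrap point should be checked by hand after normalising.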