rafilteraddr - Man Page

select argus(8) data based on an IANA IP address file.

Synopsis

rafilteraddr [-f address.file [ [-v] [raoptions] [-- filter-expression]

Description

Rafilteraddr reads argus data from an argus-data source, and selects records that include IP addresses specified by the address.spec file.  This program provides high performance address matching for any number of addresses.

Rafilteraddr Address Specification

Rafilteraddr, reads a number of standard IANA IP address file formats that specify IPv4, CIDR and IPV4 prefix addresses.  Examples of these file types are provided in ./support/Config.

rafilteraddr(1) specific options are:

-f <IPv4 address specification>>

Specify the list of addresses used for the address filter. This file can be in several IANA based address specification formats, and is the same format as the address labels for ralabel.1.

-v

Invert the logic and print flows that don't match any of the addresses.

Invocation

This invocation reads argus(8) data from argusfile and prints records that match any of the IP addresses in the iana-ipv4-addresses.

 
   rafilteraddr -r argusfile -f iana-ipv4-addresses -- ip

An example address specification that describes a mix of CIDR addresses, IPv4 address ranges and explicit addresses:

  192.168.0.0/24
  192.168.1.3-192.168.2.45
  207.237.36.98

See Also

ralabel.conf(5), ra(1), rarc(5), argus(8),

Authors

Carter Bullard (carter@qosient.com).

Info

12 August 2003 rafilteraddr 3.0.8