|
Revision 73, 1.1 KB
(checked in by andreu, 15 years ago)
|
|
last changes before next release
|
-
Property svn:eol-style set to
native
|
| Line | |
|---|
| 1 | # This file is an exemple |
|---|
| 2 | # you must create your own filters |
|---|
| 3 | |
|---|
| 4 | # #: commented line |
|---|
| 5 | # N: filter name (string without space) |
|---|
| 6 | # O: output type (only socket in this release) |
|---|
| 7 | # C: check field : C <field ID> <operator> <value> |
|---|
| 8 | # A: aggregation scheme (not present in this release) |
|---|
| 9 | # R: field ID to record (not present in this release), if no record all fields |
|---|
| 10 | # are recorded |
|---|
| 11 | # field IDs can be found on the following url: |
|---|
| 12 | # http://www.cisco.com/en/US/tech/tk648/tk362/technologies_white_paper09186a00800a3db9.shtml |
|---|
| 13 | # in table 6 |
|---|
| 14 | |
|---|
| 15 | # Example |
|---|
| 16 | # Dump on 10.0.01:1111 all MPLS flow (field 46 = 5) |
|---|
| 17 | # Get this rule enable because the collector don't start without filter |
|---|
| 18 | N BUG |
|---|
| 19 | O socket 127.0.0.1 1111 |
|---|
| 20 | C 60 = 38 |
|---|
| 21 | |
|---|
| 22 | # Example |
|---|
| 23 | # This filter depends on functionnality not present in this release |
|---|
| 24 | # from TCP flows |
|---|
| 25 | # prefix aggregation |
|---|
| 26 | # five minutes |
|---|
| 27 | # record in/out octets |
|---|
| 28 | #N TCPVolumetry |
|---|
| 29 | #O file ascii /tmp/output2.txt |
|---|
| 30 | #A P |
|---|
| 31 | #R 4 1 R 4 25 |
|---|
| 32 | |
|---|
| 33 | # Example |
|---|
| 34 | # This filter depends on functionnality not present in this release |
|---|
| 35 | # get all flows whom size between 15 & 16 Mo |
|---|
| 36 | # record all fields in a file |
|---|
| 37 | #N Get_From_Size |
|---|
| 38 | #O file bin /tmp/output.txt |
|---|
| 39 | #C 1 > 15 C 1 < 16 |
|---|
| 40 | |
|---|
