Context Navigation

rules.txt @ 16

Revision 8, 1.4 KB (checked in by andreu, 17 years ago)
second RENETCOL CVS Integration
Property svn:eol-style set to `native`

Line
1	# This file is an exemple
2	# you must create your own rules
3
4	# #: commented line
5	# N: rule name (string without space)
6	# O: output type (only socket in this release)
7	# C: check field : C <field ID> <operator> <value>
8	# A: aggregation scheme (not present in this release)
9	# R: field ID to record (not present in this release), if no record all fields
10	# are recorded
11	# field IDs can be found on the following url:
12	# http://www.cisco.com/en/US/tech/tk648/tk362/technologies_white_paper09186a00800a3db9.shtml
13	# in table 6
14
15	# get all IPv6 flow seen by the collector, send it to a remote client
16	# field 60 is the IP_PROTOCOL_VERSIO?
17	N test
18	O socket 10.0.0.1 3234
19	C 60 = 6
20
21	# get all IPv4 flow of a host, send it to a remote client
22	# field 8 is the IPv4_SRC_ADDR
23	N test
24	O socket 127.0.0.1 2222
25	C 8 = 192.68.0.1
26
27	# get flows from one IPv6 address, send it to a remote client
28	N test2
29	O socket 10.0.0.2 2222
30	C 27 = 2001:620:0:4:203:baff:fe4c:d99b
31
32	# This rule depends on functionnality not present in this beta release
33	# from TCP flows
34	# prefix aggregation
35	# five minutes
36	# record in/out octets
37	N TCPVolumetry
38	O file ascii /tmp/output2.txt
39	A P
40	R 4 1 R 4 25
41
42	# This rule depends on functionnality not present in this beta release
43	# get all flows whom size between 15 & 16 Mo
44	# record all fields in a file
45	N Get_From_Size
46	O file bin /tmp/output.txt
47	C 1 > 15 C 1 < 16
48
49	N 141.renater.fr
50	O socket 141.renater.fr 2222
51	C 60 = 6

Note: See TracBrowser for help on using the browser.