ralabel - Man Page

inserts fixed form or free form metadata labels into argus(8). ralabel supports a number of strategies for labeling including 1) address based, providing free form metadata, country code, geo data and fully qualified domain name (FQDN) labeling; 2)port based, providing free form labels using IANA port definitions, and 3) flow filter, providing free form labels based on argus filter specicfications.

Synopsis

ralabel -f address.file [raoptions] [-- filter-expression]

Description

Ralabel reads argus data from an argus-data source, and selects records that include IP addresses specified by the address.spec file.  This program provides high performance address matching for any number of addresses.

Ralabel Address Specification

Ralabel, reads a number of standard IANA IP address file formats that specific IPv4 addresses, CIDR addresses and IPV4 prefix address specification. Examples of these file types are provided in ./support/Config.

ralabel(1) specific options are:

-f label.strategy.specification.file

Invocation

This invocation reads argus(8) data from argusfile and labels records that match any options in the ralabel.conf file.

 
   ralabel -r argusfile -f ralabel.conf - ip

See Also

ralabel.conf(5), ra(1), rarc(5), argus(8),

Authors

Carter Bullard (carter@qosient.com).

Referenced By

racolor.conf(5), ralabel.conf(5).

12 August 2003 ralabel 3.0.8