
    1 #
    2 # this config demonstrates how to use log_analysis in real mode to monitor
    3 # commands that continuously produce output
    4 #
      # Here the monitored command is tcpdump (see tcpdump_open_command below): its
      # output is read as it is produced rather than from a finished log file, and
      # each line is matched against the patterns of the "tcpdump" logtype at the end.
    5 config_version 0.40.02
    6 
      # register "tcpdump" as a log type; the logtype: block below defines its patterns
    7 add arr log_type_list=
    8 tcpdump
    9 
   10 # no date, but there is a timestamp to strip
      # tcpdump prefixes each line with HH:MM:SS.uuuuuu (six digits of microseconds).
      # The empty group "()" presumably stands in for the absent date field, so the
      # date string is empty while the whole timestamp plus trailing whitespace is
      # consumed before the patterns below see the line -- confirm against the
      # log_analysis documentation for *_date_pattern.
   11 set var tcpdump_date_pattern=^()\d{2}:\d{2}:\d{2}\.\d{6}\s+
   12 set var tcpdump_date_format=
   13 
      # NOTE(review): input comes from a command, not a file, so this is presumably
      # just the label log_analysis uses for the source; verify.
   14 set arr tcpdump_filenames=
   15 tcpdump
   16 
      # "add" with a leading ":" presumably appends /usr/local/sbin to the existing
      # PATH so that the bare "tcpdump" in tcpdump_open_command can be located.
      # Because the command is resolved through PATH (and tcpdump normally runs with
      # packet-capture privileges), prefer an absolute path to the tcpdump binary in
      # tcpdump_open_command, and make sure every directory on PATH is writable only
      # by root; a directory appended here is searched last, after whatever the
      # invoking environment already had on PATH.
   17 add var PATH=:/usr/local/sbin
   18 
      # -n: do not resolve addresses or ports to names, so captured traffic cannot
      #     trigger DNS lookups and $pat{host} below is presumably matched against
      #     numeric addresses.
      # -l: line-buffer stdout so each line reaches log_analysis as soon as it is
      #     printed instead of waiting for the pipe buffer to fill.
      # No interface or capture filter expression is given, so tcpdump's own
      # defaults apply; expect a line for every packet it sees (high volume).
   19 set var tcpdump_open_command=tcpdump -nl
   20 
      # the command does not exit on its own; log_analysis keeps reading from it
   21 set var tcpdump_open_command_is_continuous=1
   22 
      # Patterns for the "tcpdump" log type. $pat{host}, $pat{word} and $pat{ip} are
      # pattern macros supplied by log_analysis; they are not defined in this file.
      #   pattern 1: "src.port > dst.port: ..." lines; $1=src host, $2=src port
      #              (unused by the format), $3=dst host, $4=dst port.  With
      #              use_sprintf the format string is a fixed literal and the captured
      #              fields are only its arguments, so packet-derived text cannot act
      #              as a format directive.
      #   pattern 2: ARP requests; $1 is the address asked for, $2 the asking host,
      #              hence "$2 is looking for $1".
      # dest: presumably names the report section a matching line is counted under.
   23 logtype: tcpdump
   24     pattern: ($pat{host})\.($pat{word}) \> ($pat{host})\.($pat{word})\:.*
   25         format: "%-15s => %-15s %s", $1, $3, $4
   26         use_sprintf
   27         dest:   packet intercepted
   28     
   29     pattern: arp who-has ($pat{ip}) tell ($pat{ip})
   30         format: "%-15s is looking for %s", $2, $1
   31         use_sprintf
   32         dest:   ARP request