NAME¶
ralabel - inserts fixed form or free form metadata labels into
argus(8). ralabel supports a number of strategies for labeling
including 1) address based, providing free form metadata, country code, geo
data and fully qualified domain name (FQDN) labeling; 2)port based, providing
free form labels using IANA port definitions, and 3) flow filter, providing
free form labels based on argus filter specicfications.
SYNOPSIS¶
ralabel -f address.file [raoptions] [--
filter-expression]
DESCRIPTION¶
Ralabel reads argus data from an argus-data source, and
selects records that include IP addresses specified by the address.spec
file. This program provides high performance address matching for any number
of addresses.
RALABEL ADDRESS SPECIFICATION¶
Ralabel, reads a number of standard IANA IP address file formats that specific
IPv4 addresses, CIDR addresses and IPV4 prefix address specification. Examples
of these file types are provided in ./support/Config.
ralabel(1) specific options are:
- -f label.strategy.specification.file
-
INVOCATION¶
This invocation reads argus(8) data from argusfile and labels
records that match any options in the ralabel.conf file.
ralabel -r argusfile -f ralabel.conf - ip
COPYRIGHT¶
Copyright (c) 2000-2016 QoSient. All rights reserved.
AUTHORS¶
Carter Bullard (carter@qosient.com).