Hi Georgios,
You can make the mapping specific to a plugin no problem, i.e.:
plugins: print[inbound], print[outbound]
!
pre_tag_map[inbound]: /path/to/pretag-inbound.map
! [.. ]
!
pre_tag_map[outbound]: /path/to/pretag-outbound.map
! [ .. ]
!
Paolo
On Mon, Nov 13, 2017 at 10:49:59AM +0100, Geo
Hi Paolo,
Glad I could help.
Just a note though. To my understanding, if this mapping is global, then
a packet with source IP in the first range, and destination IP in the
second, will only get the first label, after the first rule matches.
So if one does aggregates based on dst_host / src_host,
Hi Georgios,
Very cool, thanks for sharing this. I think there is also good material
for me for extra documentation here.
Paolo
On Fri, Nov 10, 2017 at 06:40:56PM +0100, Georgios Kaklamanos wrote:
> Hi,
>
> Ok, it was an error on my part.
>
> The filter syntax expects to specify the addre
Hi,
Ok, it was an error on my part.
The filter syntax expects to specify the addresses in hex format and
compare it with the specific octets of the IP packet that define the
source IP and the destination IP.
So for the previous example where I want to have:
labelA: 192.168.0.1 - 192.168.0.100
Dear Paolo,
Thanks for the fast reply.
My main issue is that some of the ranges we have do not fit into subnets.
For example:
labelA: 192.168.0.1 - 192.168.0.100
labelB: 192.168.0.101 - 192.168.0.200
That is why I was trying to play around with the less than / greater
than operators, combined
Hi Georgios,
The 'filter' keyword in pre_tag_map accepts a libpcap/tcpdump filter
syntax - what you would find working as a filter in tcpdump, should work
here too. To express IP ranges, you should use IP subnets, for example:
set_label=labelA filter='net 192.168.0.0/17'
set_label=labelB
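
An added example, not part of the original thread and not pmacct code: a Python helper that turns the two ranges discussed above into pre_tag_map lines, once with the hex comparison on the IPv4 header address octets and once as a union of CIDR blocks for the 'net' form. The function names are hypothetical; the byte offsets 12 (source) and 16 (destination) are the standard IPv4 header positions.

```python
import ipaddress

# Byte offsets of the address fields in the IPv4 header (RFC 791).
OFFSETS = {"src": 12, "dst": 16}


def _bounds(first, last):
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError(f"range start {first} is above range end {last}")
    return lo, hi


def range_to_hex_filter(first, last, direction="src"):
    """Match first..last by comparing the four address octets as one integer."""
    lo, hi = _bounds(first, last)
    field = f"ip[{OFFSETS[direction]}:4]"
    return f"{field} >= 0x{int(lo):08x} and {field} <= 0x{int(hi):08x}"


def range_to_net_filter(first, last, direction="src"):
    """Match the same range as a union of the CIDR blocks that cover it exactly."""
    lo, hi = _bounds(first, last)
    nets = ipaddress.summarize_address_range(lo, hi)
    return " or ".join(f"{direction} net {n}" for n in nets)


def pretag_lines(ranges, direction="src", to_filter=range_to_hex_filter):
    """One pre_tag_map line per (label, first, last) tuple, in the given order."""
    return [f"set_label={label} filter='{to_filter(first, last, direction)}'"
            for label, first, last in ranges]


# The two ranges from the thread.
RANGES = [("labelA", "192.168.0.1", "192.168.0.100"),
          ("labelB", "192.168.0.101", "192.168.0.200")]

if __name__ == "__main__":
    for direction in ("src", "dst"):
        print(f"! {direction} ranges, hex comparison")
        print("\n".join(pretag_lines(RANGES, direction)))
    print("! src ranges, CIDR union")
    print("\n".join(pretag_lines(RANGES, "src", range_to_net_filter)))
```

Each generated expression can be tried in tcpdump first, since the 'filter' keyword takes the same libpcap syntax.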