Hi,
You could put the port filter in a pcap_filter and have two pmacctd, one
reading http traffic, one reading dns traffic and each configured to
pick up and export the relevant primitives. Would that work for you?
Paolo
On Fri, Jan 17, 2020 at 11:45:26AM +0530, HEMA CHANDRA YEDDULA wrote:
> H
Hi,
Thanks for the prompt reply. I think there is some misinterpretation of the
scenario.I'm
trying to explain it litte more explicitly
We want to add some primitives defined by us with our PEN value. And the
primitives are
of different protocols like http and dns in same template. In our cas
Hi,
If you define certain primitives, those not present in the parsed flow
entry should be indeed left blank. If that is not the case, then it's a
bug and i'd like to ask you for a way to reproduce the issue (so your
config along with a brief capture (template + data packets) of your
data.
Pao