tcpdump mailing list archives

Multiline output


From: George Bakos <gbakos () ists dartmouth edu>
Date: Mon, 16 Dec 2002 11:29:11 -0500

Print modules that return multiline output are pretty, but make
line-by-line parsing somewhat more challenging. Challenging enough so that
many folks who script tcpdump (Shadow Intrusion Analysis System, included)
are forced to compile out many of these modules.

As the tcpdump plugin for Shadow is primarily used for IP analysis, I have
patched out bgp, netbios, bootp, isakmp, although there are many others,
primarily dealing with non-ip protocols.

Two questions for the maintainers:

1. Would there be interest in a commandline option "-y" for syslog-style
single-line output? Most of the newline characters could be replaced,
conditionally, with commas, leaving a much cleaner output stream for
machine parsing.

2. Would there be broad enough interest in providing compile-time options such as:

        --disable-bgp, --disable-isakmp, etc.
        or
        --disable-multiline

I have already done the latter, and would be happy to submit it (it will
be on the ISTS Shadow distribution page) but I think the former solution
would be preferred.

Comments?

-- 
George Bakos
Institute for Security Technology Studies
Dartmouth College
gbakos () ists dartmouth edu
voice   603-646-0665
fax     603-646-0666
Key fingerprint = D646 8F91 F795 27EC FF8B  8C95 B102 9EB2 081E CB85
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
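The single-line folding described in the post (continuation lines of a multiline print module replaced, with commas, into one record per packet) can be done as a post-processing step until such an option exists. The following is an added example, not code from the post, from Shadow, or from tcpdump. It assumes only that tcpdump prints the first line of each packet flush-left and indents any continuation lines with a tab or spaces, which is how its text output is laid out; the sample input is constructed for illustration and is not a real capture.

```python
# Fold tcpdump's multiline text output into one line per packet.
# Constructed sample of tcpdump-style output (not a real capture): the
# first and third records are single-line, the second spans continuation
# lines the way multiline print modules emit them. Continuation lines
# are indented with a tab.
SAMPLE = """\
11:29:11.000001 IP 10.0.0.1.34567 > 10.0.0.2.80: S 0:0(0) win 5840
11:29:11.000002 IP 10.0.0.3.179 > 10.0.0.4.179: P 1:20(19) ack 1 win 16384: BGP
\tUPDATE Message (2), length: 19
\t  Withdrawn routes: 0 bytes
\t  Path attributes: 0 bytes
11:29:11.000003 IP 10.0.0.2.80 > 10.0.0.1.34567: S 0:0(0) ack 1 win 5792
"""


def collapse_multiline(text, sep=", "):
    """Return one string per packet record.

    A record starts at any line whose first character is not whitespace;
    every following indented line is a continuation and is appended to
    the record, joined by `sep`, with its indentation and internal runs
    of whitespace collapsed to single spaces. Blank lines are dropped.
    An indented line with no record before it is kept as its own record
    rather than silently discarded (it usually means the input was cut
    mid-packet).
    """
    records = []
    current = None
    for line in text.splitlines():
        if not line.strip():
            continue  # blank line: nothing to carry
        if line[0] in " \t":
            fragment = " ".join(line.split())
            if current is None:
                current = fragment  # orphan continuation, keep it visible
            else:
                current = current + sep + fragment
        else:
            if current is not None:
                records.append(current)
            current = line.rstrip()
    if current is not None:
        records.append(current)
    return records


if __name__ == "__main__":
    # Typical use would be: tcpdump -n -r file.pcap | python this_script.py
    # Here we run over the constructed sample instead so it works offline.
    for record in collapse_multiline(SAMPLE):
        print(record)
```

A caveat a parser author should keep in mind: decoder output already contains commas (the constructed BGP line has "UPDATE Message (2), length: 19"), so a comma separator is ambiguous for a downstream splitter. Passing `sep="\t"` or `sep=" | "` gives a delimiter that does not collide with tcpdump's own field text.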

