tcpdump mailing list archives
Multiline output
From: George Bakos <gbakos () ists dartmouth edu>
Date: Mon, 16 Dec 2002 11:29:11 -0500
Print modules that return multiline output are pretty, but make line-by-line parsing somewhat more challenging. Challenging enough so that many folks who script tcpdump (Shadow Intrusion Analysis System, included) are forced to compile out many of these modules. As the tcpdump plugin for Shadow is primarily used for IP analysis, I have patched out bgp, netbios, bootp, isakmp, although there are many others, primarily dealing with non-IP protocols.

Two questions for the maintainers:

1. Would there be interest in a commandline option "-y" for syslog-style single-line output? Most of the newline characters could be replaced, conditionally, with commas, leaving a much cleaner output stream for machine parsing.

2. Would there be broad enough interest in providing compile-time options such as:
   --disable-bgp, --disable-isakmp, etc.
   or
   --disable-multiline

I have already done the latter, and would be happy to submit it (it will be on the ISTS Shadow distribution page) but I think the former solution would be preferred.

Comments?

--
George Bakos
Institute for Security Technology Studies
Dartmouth College
gbakos () ists dartmouth edu
voice 603-646-0665
fax 603-646-0666
Key fingerprint = D646 8F91 F795 27EC FF8B 8C95 B102 9EB2 081E CB85

-
This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
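The single-line output asked for in the message above can also be approximated outside tcpdump by folding continuation lines back into their packet record. The filter below is an added example, not part of the original post and not tcpdump or Shadow code. It assumes each record starts with tcpdump's default HH:MM:SS.microseconds timestamp and that any other non-empty line is a continuation; the function name and sample text are constructed for illustration.

```python
import re
import sys

# Assumption: a packet record starts with tcpdump's default timestamp
# (HH:MM:SS.microseconds); every other non-empty line continues it.
RECORD_START = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{6} ")


def fold_records(lines, sep=", "):
    """Yield one single-line record per packet from multiline tcpdump text."""
    current = []
    for raw in lines:
        piece = raw.strip()
        if not piece:
            continue  # blank lines carry no packet data
        if RECORD_START.match(raw):
            if current:
                yield sep.join(current)
            current = [piece]
        elif current:
            current.append(piece)
        else:
            # Continuation seen before any record start (truncated input):
            # emit it on its own line rather than silently dropping it.
            yield piece
    if current:
        yield sep.join(current)


# Constructed sample, loosely shaped like verbose BGP output.
SAMPLE = (
    "11:29:11.000001 IP 192.0.2.10.179 > 192.0.2.20.33012: P 1:46(45) ack 1: BGP\n"
    "\tUpdate Message (2), length: 45\n"
    "\t  Origin (1), length: 1, Flags [T]: IGP\n"
    "11:29:11.000350 IP 192.0.2.20.33012 > 192.0.2.10.179: . ack 46 win 5840\n"
)

if __name__ == "__main__":
    # Read piped tcpdump text if present, otherwise show the sample.
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for record in fold_records(source):
        print(record)
```

Because the separator is inserted only between joined lines, a downstream parser can still split on the leading timestamp to find record boundaries.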