ralabel − inserts fixed form or free form metadata labels into argus(8). ralabel supports a number of strategies for labeling including 1) address based, providing free form metadata, country code, geo data and fully qualified domain name (FQDN) labeling; 2)port based, providing free form labels using IANA port definitions, and 3) flow filter, providing free form labels based on argus filter specicfications.
ralabel −f address.file [raoptions] [-- filter-expression]
Ralabel reads argus data from an argus-data source, and selects records that include IP addresses specified by the address.spec file. This program provides high performance address matching for any number of addresses.
Ralabel, reads a number of standard IANA IP address file formats that specific IPv4 addresses, CIDR addresses and IPV4 prefix address specification. Examples of these file types are provided in ./support/Config.
ralabel(1) specific options are:
−f label.strategy.specification.file
This invocation reads argus(8) data from argusfile and labels records that match any options in the ralabel.conf file.
ralabel -r argusfile -f ralabel.conf - ip
Copyright (c) 2000-2016 QoSient. All rights reserved.
ralabel.conf.5, ra(1), rarc(5), argus(8),
Carter Bullard (carter AT qosient DOT com).