Author: Ulrich Weissensteiner <UWeissensteiner AT ITC-DETMOLD DOT DE>
Date: Fri, 4 Sep 1998 16:53:56 +0200
HTH Is there a possibility to check not only the hostname (NVATTR_2) but also the interface number or interface description in a ruleset ? As I understand it I have to parse the "formated event descr
Author: "Boyles, Gary P" <gary.p.boyles AT INTEL DOT COM>
Date: Fri, 4 Sep 1998 08:11:55 -0700
The interface address is given in the 1st word of $NVATTR_4. $NVATTR_3 usually contains the message, which does contain the description, but I'd go with the address. Regards, Gary Boyles, gary.p.boyl
The match functions, both pass and reset, allow you to substring, in effect, a trap variable, down to the word level. For example, "3.2" means "the second word of the third variable", which is what m
[...] If you are doing it inside of an action or inline action script, You can do this: If NVATTR_4 is something like "153.2.0.21 912039191 10234 10235" then you can do: set $NVATTR_4 and $1 = 153.2