File: racolor.conf.5

package info (click to toggle)
argus-clients 1%3A5.0.2%2Bgit20250321.41f65e2-2
  • links: PTS
  • area: main
  • in suites: forky, sid, trixie
  • size: 45,848 kB
  • sloc: ansic: 175,393; perl: 4,405; sh: 4,064; makefile: 2,520; lex: 517; yacc: 433; python: 62
file content (64 lines) | stat: -rw-r--r-- 2,477 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
 
.\"
.\" Argus-5.0 Software
.\" Copyright (c) 2000-2024 QoSient, LLC
.\" All rights reserved.
.\"
.\"
.TH RACOLOR.CONF 5 "30 September 2016" "racolor.conf 5.0.3"
.SH NAME
\fBracolor.conf\fP \- \fBracolor\fP resource file.
.SH SYNOPSIS
.B racolor.conf
.SH DESCRIPTION

This configuration is a color configuration file for ratop.1.
It is modeled after a ralabel(1) configuration file.  This
configuration would be referenced in a \fBratop.1\fP
\fBrarc.5\fP configuration file, using the RA_COLOR_CONFIG variable.

The concept is to provide a number of painting strategies
for any or all fields in an argus record.  This allows the
user to specify the order of the painting, hopefully to get
a useful end result.

The method used is flow filter based field painting, which 
uses the standard flow filter strategies to provide a general 
purpose coloring scheme.

The concept is similar to racluster()'s fall through matching
scheme.  Fall through the list of filters, if it matches, use
the color specification to paint specific fields in the record.
If you want to continue through the list, once there is
a match,  add a "cont" to the end of the matching rule.

.nf
The format is:
   filter="ra filter"  color="field[,field,...]:COLOR[+ATTRIBUTE]"  [cont]

   filter can be any working ra flow record filter, contained in double quotes

   color is composed of a comma separated list of fields, that will be painted
   using the ncurses supported COLOR(s) and an optional ATTRIBUTE(s).

   each line can be followed with an optional "cont"inue label, to indicate
   that it should not stop with this match, but keep going down the list.


A working example color specification is:

   filter="udp"                    color="proto:VIOLET"                                cont
   filter="tcp"                    color="saddr,daddr,dir,sport,dport,proto:WHITE"     cont
   filter="tcp and dst port http"  color="dport:GREEN"                                 cont
   filter="tcp"                    color="sport:BLUE+DIM"                              cont
   filter="dst port domain"        color="dport:CYAN+DIM"                              cont
   filter="dst port imaps"         color="dport:MAGENTA+DIM"                           cont
   filter="src pkts gt 50"         color="spkts,dpkts,sbytes,dbytes:RED+BLINK"
   filter="src co CN"              color="all:RED+BLINK" 
.fi

.SH COPYRIGHT
Copyright (c) 2000-2024 QoSient. All rights reserved.
   
.RE
.SH SEE ALSO
.BR ratop (1)