-
- Usage:
-
- extract  -a         ASCII output (default)
-          -b         Binary output
-          -n         No reverse hostname lookups on ASCII output
-          -h         Print out brief help message
-          -e script  Specify script on command line (like sed -e)
-          -E script  Specify script on command line
-          -f file    Specify script file (like awk -f)
-          -F file    Specify script file
-          -d file    Specify dump file to read (default stdin)
-          -o file    Specify output file (default stdout)
-
- Multiple '-e', '-E', '-f' and '-F' options can be given. They are,
- in effect, treated as a single input file. '-e' and '-f' scripts
- are appended to the "input" file, while '-E' and '-F' scripts are
- prepended. Using '-E' or '-F', one can add additional functionality
- to extract script files from the command line.
-
- If neither -e nor -f is given, then it is equivalent to -e '{print}'
- which will print all records.
-
-
- Script syntax:
-
- condition { action ; action ... }
-
- Where condition selects the records on which the set of actions
- is to be performed. condition can be "" in which case all
- records are selected.
-
- Actions:
-
- print    print the record
- next     Skip to next record, start processing at top of script
-
-
- Conditionals:
-
- net      =, !=                  hostname|ipaddr [/ netmask]
- srcnet   =, !=                  hostname|ipaddr [/netmask]
- dstnet   =, !=                  hostname|ipaddr [/netmask]
- host     =, !=, <, >, <=, >=    hostname|ipaddr
- srchost  =, !=, <, >, <=, >=    hostname|ipaddr
- dsthost  =, !=, <, >, <=, >=    hostname|ipaddr
- srcport  =, !=, <, >, <=, >=    service-name|port#
- dstport  =, !=, <, >, <=, >=    service-name|port#
- date     =, !=, <, >, <=, >=    MM/DD/YY | MM/DD | today | yesterday
- time     =, !=, <, >, <=, >=    HH:MM:SS | HH:MM
- before                          MM/DD/YY [HH:MM] | today [HH:MM] | yesterday [HH:MM]
- since                           MM/DD/YY [HH:MM] | today [HH:MM] | yesterday [HH:MM]
-
- Connectors:
-
- and, &&  Short circuited boolean and
- or, ||   Short circuited boolean or
- not, !   Unary negation
-
- All operators have equal precedence. Parentheses can be used
- to group subexpressions.
-
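The equal-precedence rule changes which records a filter selects, so here is a small evaluator for a subset of the condition syntax (srcnet/dstnet, srcport/dstport, the connectors and parentheses). It is an added example, not code from extract itself. Assumptions: equal-precedence connectors are folded left to right, negation applies to the next term only, netmasks are dotted-quad with no space after the slash, ports are numeric, and the record field names and sample records are constructed.

```python
import ipaddress, operator, re
OPS = {"=": operator.eq, "!=": operator.ne, "<": operator.lt,
       ">": operator.gt, "<=": operator.le, ">=": operator.ge}
TOKEN = re.compile(r"\s*(&&|\|\||!=|<=|>=|[()=<>!]|[^\s()=<>!&|]+)")

def parse(tokens):
    # One precedence level for and/or: fold strictly left to right (assumed).
    node = unary(tokens)
    while tokens and tokens[0] in ("and", "&&", "or", "||"):
        op = "and" if tokens.pop(0) in ("and", "&&") else "or"
        node = (op, node, unary(tokens))
    return node

def unary(tokens):
    tok = tokens.pop(0)
    if tok in ("not", "!"):          # assumed: negation applies to the next term only
        return ("not", unary(tokens))
    if tok == "(":
        node = parse(tokens)
        tokens.pop(0)                # discard the closing ")"
        return node
    return ("test", tok, tokens.pop(0), tokens.pop(0))   # field, operator, value

def evaluate(node, rec):
    if node[0] == "and":             # Python's and/or short-circuit like the connectors
        return evaluate(node[1], rec) and evaluate(node[2], rec)
    if node[0] == "or":
        return evaluate(node[1], rec) or evaluate(node[2], rec)
    if node[0] == "not":
        return not evaluate(node[1], rec)
    _, field, op, value = node
    if field.endswith("net"):        # srcnet/dstnet: match the host against ipaddr/netmask
        net = ipaddress.ip_network(value, strict=False)
        hit = ipaddress.ip_address(rec[field[:3] + "host"]) in net
        return hit if op == "=" else not hit
    return OPS[op](rec[field], int(value))   # srcport/dstport, numeric ports only

def select(condition, records):
    tree = parse(TOKEN.findall(condition))
    return [r["srcport"] for r in records if evaluate(tree, r)]

# Constructed records (documentation addresses); srcport doubles as a record id.
LOCAL = "198.51.100.0/255.255.255.0"
RECORDS = [{"srchost": h, "srcport": s, "dstport": d} for h, s, d in [
    ("192.0.2.7", 40000, 23), ("198.51.100.5", 40001, 23),
    ("192.0.2.9", 40002, 25), ("198.51.100.6", 40003, 513)]]
FLAT = f"dstport = 23 or dstport = 513 and srcnet != {LOCAL}"
GROUPED = f"dstport = 23 or (dstport = 513 and srcnet != {LOCAL})"
print(select(FLAT, RECORDS), select(GROUPED, RECORDS))
```

Without parentheses the source-network test applies to both port tests, so the telnet connection from inside the local network (record 40001) is dropped; the parenthesized form keeps it.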