I need to examine snmp session that are longer that 30 seconds
I`m using this mate.config
So in one Gop i have all packets with same addr and ports. But after awhile (2-3 minutes) i have another snmp packets with sames ports, so them got to one Gop and i can`t use mate.snmp_ses.Duration>30 filter. What conditions i need to group snmp sessions?
asked 04 Mar '14, 06:38
So you're saying the first group of packets had an end and a new group started (or at least you want them in different GoPs)?
In that case you'll need some kind of Stop() condition other than "never". I don't know enough about SNMP to know what, if anything, you could use to do that.
(BTW I don't think you need to say "addr, addr" and "port, port" in the GoP match; just "addr, port" would be sufficient.)
answered 12 Mar '14, 17:45