argus changes
David Brumley
dbrumley at rtfm.stanford.edu
Tue Jul 11 14:44:42 EDT 2000
I would like to see added to argus:
a. The ability to define a record file per expression, i.e.
( -w port111traffic port 111) ( -w incident00-0798 host gea) .....
this may be too big of a change :)
b. The ability to save diagnostic output (bytes/hour, dropped bytes,
etc) as a file (yea, I know this can be done, but it means rotating two
logs instead of just restarting the argus process :)
c. A little more documentation.
Cheers,
david
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
David Brumley - Stanford Computer Security - dbrumley at Stanford.EDU
Phone: +1-650-723-2445 WWW: http://www.stanford.edu/~dbrumley
Fax: +1-650-725-9121 PGP: finger dbrumley-pgp at sunset.Stanford.EDU
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
c:\winnt> secure_nt.exe
Securing NT. Insert Linux boot disk to continue......
"I have opinions, my employer does not."