argus changes
Russell Fulton
r.fulton at auckland.ac.nz
Tue Jul 11 19:02:29 EDT 2000
On Tue, 11 Jul 2000 11:44:42 -0700 (PDT) David Brumley
<dbrumley at rtfm.stanford.edu> wrote:
> I would like to see added to argus:
> a. The ability to define a record file per expression, i.e.
> ( -w port111traffic port 111) ( -w incident00-0798 host gea) .....
> this may be too big of a change :)
Yes, I would like that too. In particular I would like to be able
to say something like
-S argus.auckland.ac.nz (-w everything) ( -w - filter )
I.e. from my perl watch script I want to collect all argus data to a
file and pipe a subset to stdout for analysis by the script.
This sort of thing is probably best handled in a configuration file
rather than making the command line parsing hideously complex (and
requiring shell escapes etc.).
>
> b. The ability to save diagnostic output (bytes/hour, dropped bytes,
> etc) as a file (yea, I know this can be done, but it means rotating two
> logs instead of just restarting the argus process :)
Use NeTraMet ;-)
>
> c. A little more documentation.
>
Hmmm... I seem to remember I volunteered to help with that :) I will
try and put some effort into it soon.
Russell.