Further (broken) argus-2.0.0 patches

Carter Bullard carter at qosient.com
Sun Sep 3 11:02:16 EDT 2000


Hey Neil,
   If we're going to get into debugging, I'd
like to mention some "tricks" that will be useful.
We have an ARGUSDEBUG define that turns on a
function called ArgusDebug, which is scattered
throughout the argus server code set.  To turn it
on, and the right kind of options for the
compilers, create two files in your argus root
directory and rerun ./configure.  These two files
are:
      .devel
      .debug

With these two files in the root directory, ./configure
takes care of all things.  This will enable the
-d 'level' switch on all server and client programs.

Carter


-----Original Message-----
From: Neil Long [mailto:neil.long at computing-services.oxford.ac.uk]
Sent: Sunday, September 03, 2000 10:57 AM
To: carter at qosient.com
Cc: 'argus'
Subject: Re: Further (broken) argus-2.0.0 patches



> I had completely forgotten the '-e' and '-a'
> options so they go in on Tuesday.  An option that
> you do want to test is the multiple '-w filename "filter"'
> expressions, the filter needs to be quoted for the
> thing to work.  There is no testing that the filenames
> don't collide, so don't complain if you put two
> "-" and you get unexpected results ;o).

The tcpdump file I used was very simple - the original filter was
tcp port 79

so I am puzzled as to why there may be differences. I will be able to run
more tests tomorrow on various tcpdump capture files. This was just one I
had on the local disk.

I will start building a series of tcpdump data files with various filter
options and see what that does to help debug. I would still prefer to try on
a 'known good' platform first and make comparisons after.

Neil




