argus option review

William Setzer William_Setzer at ncsu.edu
Thu Jan 25 21:04:08 EST 2001


: 
: The biggest one is "-p".  Should we be in promiscuous mode by default?
: My bet is no.  Do we have any other votes/opinions?

Actually, I can't imagine using argus in anything other than
promiscuous mode.

: The next is the "-P" option.  This specifies the port that we will
: listen on for remote access.  You set this to 0 (zero) to turn this
: feature off.  Should we turn this on or off by default?

Hmm.  I seem to be zero for two. :)  I think the port number should
be off by default, for security reasons.  (If a port's not on, it
can't be exploited.)

: The "-J" data is not a problem but it will make the output records
: 16-32 bytes larger.  My guess on this one is off by default?

I agree, but this is purely a personal preference.  My logs already
grow to 50-75M every 15 minutes, and a large increase would force
me to buy bigger disks.  Not a really good reason to justify
something. :)


William


