argus option review

Carter Bullard carter at qosient.com
Fri Jan 26 11:54:14 EST 2001 

Gentle people,
Ok below is the updated argus() usage, (just one change for
the default port value).  A few more defaults to discuss.

Argus Version 2.0
usage: argus [options] [-i interface] [filter-expression] 
usage: argus [options]  -r packetfile [filter-expression] 

options: -b                   dump filter compiler output.
         -d                   run Argus in daemon mode.
         -D <level>           set debug reporting <level>.
         -e <value>           specify Argus Identifier <value>.
         -h                   print help.
         -F <conffile>        read configuration from <conffile>.
         -J                   generate packet performance data.
         -M <secs>            set MAR Status Report Time Interval
(300s).
         -m                   turn off MAC Layer Reporting.
         -O                   turn off filter optimizer.
         -p                   don't go into promiscuous mode.
         -P <portnum>         enable remote access on <portnum>.
         -R                   generate response time data.
         -S <secs>            set FAR Status Report Time Interval (60s).
         -w <file ["filter"]> write output to <file>, or '-', for
stdout,
                              against optional filter expression.
         -X                   reset argus configuration.

The -D option is not printed if argus wasn't compiled with the
ARGUS_DEBUG option set.

The -e option.  Should the default for the ArgusID be 0?  Right now
its the magic cookie that we use for the argus stream.

The -m option.  Should we capture MAC addresses by default?
This adds 20 bytes to each record.

The -M option.  Should the default MAR status record interval
be 300 seconds?  This can be used by clients as a KEEP_ALIVE
and it gives decent aggregate link stats.  This could be 60 seconds.

The -S option.  Should this default to 60 seconds for flow status
reports?  This seems like a good value but it could go to 30 or 10
for that matter.  10 may increase the number of records you get
depending on the type of traffic you get.

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter at qosient.com
Phone +1 212 813-9426
Fax   +1 212 813-9426
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3699 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20010126/52d8d414/attachment.bin>

More information about the argus mailing list