argus option review

William Blaylock will at checkfast.com
Fri Jan 26 16:40:49 EST 2001 


Carter Bullard wrote concerning argus option review on 25 Jan 2001, at 18:02

[deletia]

> 
> There is an option that we support that does not have a command line
> flag and that is ARGUS_GENERATE_JITTER_DATA.  I'll put in a 'J' option
> to support this feature.  This generates interpacket arrival time data
> for performance analysis.  Nice but a little esoteric.

certainly an informative tool when you have a problem to troubleshoot 
<grin>

[deletia]

> 
> The biggest one is "-p".  Should we be in promiscuous mode by default?
> My bet is no.  Do we have any other votes/opinions?

Tough question, however I would just add the option to the startup 
script on the one machine I am writing some email robots to deal 
with. (notify me when certain events occur on my network via email to 
pager/phone/etc. so I dont have a personal vote.  

If I were using Argus on a machine that others had access to, and or 
had a copy on my network that I didnt know a user had loaded I would 
certainly prefer that only administrators (root) had access to the 
information on what ever else may be on my network so I would vote 
for default to NON promiscuous mode with a check for root before 
allowing it to be turned on


> 
> The next is the "-P" option.  This specifies the port that we will
> listen on for remote access.  You set this to 0 (zero) to turn this
> feature off.  Should we turn this on or off by default?  Should you
> have to explicitly turn on remote access by configuring the port
> number?   I'm leaning toward not turning it on unless you specify it,
> but then getting a common number, like 561, will not be easy.  (this
> may eliminate some surprises?)
> 

I would prefer that it be defaulted to "off" but again would set the 
option my self to 0 if needed


> The next is "-R" and the new "-J".  These generate useful information,
> but should it be the default behavior?  The "-R" option forces argus
> to produce records for ICMP and UDP traffic when the src pkt and dst
> pkt counts are both == 1.  This allows for response time
> determinatios, but generates a lot more argus records.  The "-J" data
> is not a problem but it will make the output records 16-32 bytes
> larger. My guess on this on is off by default?

I would think off by default would be best for both, on for trouble 
shooting specifically.

> 
> These are on my hot list.  If you have some that you want to add,
> delete, modify, now is the time to get your opinions in.
> 
> Please send your opinions/attitude/reactions/flames/whatever.  It is
> important!

[deletia]

Thanks for doing business the CheckFAST (tm) way!

William Blaylock
MIS Director
Checkfast Check Clearing Services
5181 Amelia Earhart Drive
Salt Lake, UT 84116
(801)364-8200 x4043 local 
(801)401-4043 direct to my desk
(888)245-3278 extension 4043 toll free
WWW.CHECKFAST.COM

More information about the argus mailing list