argus option review
William Setzer
William_Setzer at ncsu.edu
Sun Jan 28 12:40:48 EST 2001
"Carter Bullard" <carter at qosient.com> writes:
:
: So what kind of situation are you monitoring?
I'm not really monitoring anything. I'm using argus to log traffic
over a particular link, so that we can refer to it later if there's a
question as to whether a particular host was doing something it had
been purported to have done, and also so we can narrow the cause
if/when one of our servers does odd things.
: Dual interfaces? Lots of traffic, lots of flows?
I use two interfaces, but only run argus on one of them. Traffic
varies between 120-180Mb/s sustained throughout the day. There are
many, many flows, especially when it picks up a packet spoofing
session or DoS attack. (When your argus file is over 250M for 15
minutes, you know _something_ weird is going on. :)
: What kind of hardware are you using?
Sun E250 w/1G RAM, two processors and two gigabit cards.
William