argus-2.0.3 available for testing

Carter Bullard carter at qosient.com
Fri Oct 12 09:57:38 EDT 2001


Hey Neil,
   Found the problem.  We were binding the filter to
the first interface only, leaving your second interface
unfiltered.  I've got that fixed, and your Solaris mods
already on the server:

ftp://qosient.com/dev/argus-2.0/argus-2.0.3.tar.gz

   Could you give this a run through?

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter at qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com

> -----Original Message-----
> From: Neil Long [mailto:neil.long at computing-services.oxford.ac.uk] 
> Sent: Friday, October 12, 2001 9:54 AM
> To: 'argus'; carter at qosient.com
> Subject: Re: argus-2.0.3 available for testing
> 
> 
> Hi Carter
> 
> Yes - I can use 2 interfaces using either the command line or with 
> 2 interface statements in argus.conf but not have any filter 
> expression.
> 
> I tried a filter expression using the argus.conf, command line or -F 
> file - and still see port 80 despite 'not port 80'
> 
> At least it is entirely consistent.
> 
> regards
> Neil
> 
> 
> 
> On Oct 12,  8:52am, Carter Bullard wrote:
> > Subject: RE: argus-2.0.3 available for testing
> > Hey Neil,
> >    I'll make the inet_pton change today, and
> > I'll put some work on the command line -i issue.
> > We do this all the time using either the /etc/argus.conf
> > file or a -F config.file, so it must be in the
> > getopt parsing code?
> > 
> > Hope all is well!
> > 
> > Carter
> > 
> > Carter Bullard
> > QoSient, LLC
> > 300 E. 56th Street, Suite 18K
> > New York, New York  10022
> > 
> > carter at qosient.com
> > Phone +1 212 588-9133
> > Fax   +1 212 588-9134
> > http://qosient.com
> > 
> > > -----Original Message-----
> > > From: owner-argus-info at lists.andrew.cmu.edu
> > > [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf 
> Of Neil Long
> > > Sent: Friday, October 12, 2001 4:52 AM
> > > To: 'argus'
> > > Subject: Re: argus-2.0.3 available for testing
> > > 
> > > 
> > > Compiles fine on Solaris if inet_aton is replaced by inet_pton
> > > 
> > > still has inet_ntoa but they deprecated with a vengance it seems.
> > > 
> > > Seems to work except that I still haven't been able to debug
> > > the problem where using 2 -i statements causes argus_dlpi to 
> > > ignore any following  filter expressions. (I want to merge 2 
> > > interfaces but want to ignore heavy traffic such as port 80 - 
> > > anyone able to check this on other OS other than Solaris?)
> > > 
> > > Cheers
> > > Neil
> > > 
> > > --
> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > >  Dr Neil J Long, Computing Services, University of Oxford
> > >  13 Banbury Road, Oxford, OX2 6NN, UK Tel:+44 1865 273232 
> > > Fax:+44 1865 273275
> > >  EMail:       Neil.Long at computing-services.oxford.ac.uk  
> > >  PGP:    ID 0xE88EF71F    OxCERT: oxcert at ox.ac.uk PGP: ID 
> 0x9FF898D5
> > > 
> > 
> >-- End of excerpt from Carter Bullard
> 
> 
> 
> -- 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>  Dr Neil J Long, Computing Services, University of Oxford
>  13 Banbury Road, Oxford, OX2 6NN, UK Tel:+44 1865 273232 
> Fax:+44 1865 273275
>  EMail:       Neil.Long at computing-services.oxford.ac.uk  
>  PGP:    ID 0xE88EF71F    OxCERT: oxcert at ox.ac.uk PGP: ID 0x9FF898D5
> 



More information about the argus mailing list