Fwd: BOUNCE argus-info at lists.andrew.cmu.edu: Non-member submission from [Michael Anderson <mca at arlut.utexas.edu>]

Peter Van Epp vanepp at sfu.ca
Thu Oct 18 11:44:54 EDT 2001


	I'd say first the new user needs to join the mailing list (the list
owner forwarded this message to the list) :-)
	That said, this looks to be Linux so I'm not on top of it, but this
works fine (modulo performance) on FreeBSD (i.e. tcpdump and argus can 
coexist on the same interface at the same time). Packets can get dropped due
to the extra load however. When you say "no connections" what does that mean
(and how are you determining it)? What is the size of /var/log/argus/argus.out?
If it is something like 128 bytes, then you have captured no data for some
reason. If it's bigger, try ra -r /var/log/argus/argus.out -c -n which will
dump everything in the file with no DNS translation. 

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada


> 
> I am a new argus user.  I have built and installed argus 2.0.3.  I then
> started argus as: argus -d -e `hostname` -i eth1 -U128 -mRS 30 -w
> /var/log/argus/argus.out. It seems to start up OK and the output file is
> generated. However, the data in the file indicates that argus is not
> seeing any connections.  I'm running snort on the same interface.  Can I
> have only 1 packet capture utility on the interface at a time?  Any
> ideas as to why argus is not seeing any data?
> 
> Thanks,
> Mike
> 
> 
> 


