Capture Filter Not Working
Eric
eric-list-argus at catastrophe.net
Tue Jul 15 13:36:52 EDT 2003
Greetings,
I've been running 2.0.5 with this [1] config on both FreeBSD and
OpenBSD. It appears as though neither of the following works.
ARGUS_FILTER="not tcp port 80"
or
ARGUS_OUTPUT_FILE=/var/log/argus/argus.out "not tcp port 80"
All I'm trying to do is limit my captures to anything *but*
80/tcp.
Did I miss something? :)
Thanks.
[1] /etc/argus.conf
ARGUS_DAEMON=yes
ARGUS_MAX_INSTANCES=1
ARGUS_SET_PID=yes
ARGUS_PID_FILENAME=/var/run/argus.pid
ARGUS_MONITOR_ID=6666
ARGUS_BIND_IP=127.0.0.1
ARGUS_ACCESS_PORT=561
ARGUS_GO_PROMISCUOUS=yes
ARGUS_FLOW_STATUS_INTERVAL=180
ARGUS_MAR_STATUS_INTERVAL=180
ARGUS_GENERATE_RESPONSE_TIME_DATA=no
ARGUS_GENERATE_JITTER_DATA=no
ARGUS_GENERATE_MAC_DATA=no
ARGUS_CAPTURE_DATA_LEN=0
ARGUS_FILTER_OPTIMIZER=yes
ARGUS_FILTER="not tcp port 80"
ARGUS_FILTER=""
ARGUS_INTERFACE=em0
ARGUS_INTERFACE=em1
#ARGUS_OUTPUT_FILE=/var/log/argus/argus.out "not tcp port 80"
ARGUS_OUTPUT_FILE=/var/log/argus/argus.out
More information about the argus
mailing list