Capture Filter Not Working

Carter Bullard carter at qosient.com
Tue Jul 15 13:55:51 EDT 2003


Hey Eric,
   You've got the ARGUS_FILTER twice with the last entry
as "", so that will probably remove any filters on that
interface.  See if removing that doesn't fix things.

Carter



> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu 
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Eric
> Sent: Tuesday, July 15, 2003 1:37 PM
> To: argus-info at lists.andrew.cmu.edu
> Subject: Capture Filter Not Working
> 
> 
> Greetings,
> 
> I've been running 2.0.5 with this [1] config on both FreeBSD and
> OpenBSD. It appears as though neither of the following works.
> 
> ARGUS_FILTER="not tcp port 80"
> 
> or 
> 
> ARGUS_OUTPUT_FILE=/var/log/argus/argus.out "not tcp port 80"
> 
> All I'm trying to do is limit my captures to anything *but*
> 80/tcp.
> 
> Did I miss something? :) 
> 
> Thanks.
> 
> [1] /etc/argus.conf
> 
> ARGUS_DAEMON=yes
> ARGUS_MAX_INSTANCES=1
> ARGUS_SET_PID=yes
> ARGUS_PID_FILENAME=/var/run/argus.pid
> ARGUS_MONITOR_ID=6666
> ARGUS_BIND_IP=127.0.0.1
> ARGUS_ACCESS_PORT=561
> ARGUS_GO_PROMISCUOUS=yes
> ARGUS_FLOW_STATUS_INTERVAL=180
> ARGUS_MAR_STATUS_INTERVAL=180
> ARGUS_GENERATE_RESPONSE_TIME_DATA=no
> ARGUS_GENERATE_JITTER_DATA=no 
> ARGUS_GENERATE_MAC_DATA=no
> ARGUS_CAPTURE_DATA_LEN=0
> ARGUS_FILTER_OPTIMIZER=yes
> ARGUS_FILTER="not tcp port 80"
> ARGUS_FILTER=""
> ARGUS_INTERFACE=em0
> ARGUS_INTERFACE=em1
> #ARGUS_OUTPUT_FILE=/var/log/argus/argus.out "not tcp port 80"
> ARGUS_OUTPUT_FILE=/var/log/argus/argus.out
> 
> 
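The check behind the reply above, written out as an added example (not code from the thread or from the Argus project): it scans an argus.conf for keys assigned more than once and marks the case where a non-empty value is followed by an empty one. It assumes that only ARGUS_INTERFACE is meant to repeat, and that a later assignment replaces an earlier one, as the reply suggests; the function names are hypothetical and the sample is reduced from the quoted configuration.

```python
import re

# Assumption: ARGUS_INTERFACE is the only key intended to appear several times.
REPEATABLE = {"ARGUS_INTERFACE"}
ASSIGN = re.compile(r'^\s*([A-Z][A-Z0-9_]*)\s*=\s*(.*?)\s*$')

def parse(text):
    """Yield (line_number, key, value) for each uncommented assignment."""
    for num, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = ASSIGN.match(line)
        if m:
            value = m.group(2)
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]  # drop the surrounding quotes
            yield num, m.group(1), value

def find_overrides(text):
    """Return (key, earlier_line, later_line, cleared) per repeated key.

    cleared is True when a non-empty value is followed by an empty one."""
    last = {}
    findings = []
    for num, key, value in parse(text):
        if key in last and key not in REPEATABLE:
            prev_num, prev_value = last[key]
            cleared = bool(prev_value) and not value
            findings.append((key, prev_num, num, cleared))
        last[key] = (num, value)
    return findings

# Constructed sample, reduced from the configuration quoted in the thread.
SAMPLE = '''\
ARGUS_DAEMON=yes
ARGUS_FILTER_OPTIMIZER=yes
ARGUS_FILTER="not tcp port 80"
ARGUS_FILTER=""
ARGUS_INTERFACE=em0
ARGUS_INTERFACE=em1
#ARGUS_OUTPUT_FILE=/var/log/argus/argus.out "not tcp port 80"
ARGUS_OUTPUT_FILE=/var/log/argus/argus.out
'''

if __name__ == "__main__":
    for key, first, second, cleared in find_overrides(SAMPLE):
        note = "empty value follows a non-empty one" if cleared else "assigned twice"
        print(f"{key}: line {first}, then line {second}: {note}")
```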




