Capture Filter Not Working
Carter Bullard
carter at qosient.com
Tue Jul 15 13:55:51 EDT 2003

Hey Eric,

You've got the ARGUS_FILTER twice with the last entry
as "", so that will probably remove any filters on that
interface. See if removing that doesn't fix things.

Carter

> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Eric
> Sent: Tuesday, July 15, 2003 1:37 PM
> To: argus-info at lists.andrew.cmu.edu
> Subject: Capture Filter Not Working
>
>
> Greetings,
>
> I've been running 2.0.5 with this [1] config on both FreeBSD and
> OpenBSD. It appears as though neither of the following works.
>
> ARGUS_FILTER="not tcp port 80"
>
> or
>
> ARGUS_OUTPUT_FILE=/var/log/argus/argus.out "not tcp port 80"
>
> All I'm trying to do is limit my captures to anything *but*
> 80/tcp.
>
> Did I miss something? :)
>
> Thanks.
>
> [1] /etc/argus.conf
>
> ARGUS_DAEMON=yes
> ARGUS_MAX_INSTANCES=1
> ARGUS_SET_PID=yes
> ARGUS_PID_FILENAME=/var/run/argus.pid
> ARGUS_MONITOR_ID=6666
> ARGUS_BIND_IP=127.0.0.1
> ARGUS_ACCESS_PORT=561
> ARGUS_GO_PROMISCUOUS=yes
> ARGUS_FLOW_STATUS_INTERVAL=180
> ARGUS_MAR_STATUS_INTERVAL=180
> ARGUS_GENERATE_RESPONSE_TIME_DATA=no
> ARGUS_GENERATE_JITTER_DATA=no
> ARGUS_GENERATE_MAC_DATA=no
> ARGUS_CAPTURE_DATA_LEN=0
> ARGUS_FILTER_OPTIMIZER=yes
> ARGUS_FILTER="not tcp port 80"
> ARGUS_FILTER=""
> ARGUS_INTERFACE=em0
> ARGUS_INTERFACE=em1
> #ARGUS_OUTPUT_FILE=/var/log/argus/argus.out "not tcp port 80"
> ARGUS_OUTPUT_FILE=/var/log/argus/argus.out
>
>
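
An added example, not part of the original thread or of the Argus distribution: a small Python check that flags a setting such as ARGUS_FILTER assigned more than once, where a later empty value would discard the earlier filter as the reply suggests. It assumes the last assignment wins and that only ARGUS_INTERFACE may legitimately repeat; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the filter-related lines of the /etc/argus.conf quoted above.
SAMPLE_CONF = '''\
ARGUS_FILTER_OPTIMIZER=yes
ARGUS_FILTER="not tcp port 80"
ARGUS_FILTER=""
ARGUS_INTERFACE=em0
ARGUS_INTERFACE=em1
#ARGUS_OUTPUT_FILE=/var/log/argus/argus.out "not tcp port 80"
ARGUS_OUTPUT_FILE=/var/log/argus/argus.out
'''

# Assumption: keys allowed to repeat (the quoted config lists two interfaces).
MULTI_VALUED = {"ARGUS_INTERFACE"}
ASSIGN = re.compile(r"^\s*([A-Z][A-Z0-9_]*)\s*=\s*(.*?)\s*$")


def parse(text):
    """Return (line number, key, value) for each uncommented assignment."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        match = ASSIGN.match(line)
        if match:
            value = match.group(2)
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]  # drop the surrounding quotes
            entries.append((lineno, match.group(1), value))
    return entries


def find_overrides(text):
    """Flag single-valued keys set more than once (assumes the last entry wins)."""
    last, findings = {}, []
    for lineno, key, value in parse(text):
        if key in last and key not in MULTI_VALUED:
            old_line, old_value = last[key]
            findings.append({"key": key, "overridden_line": old_line,
                             "effective_line": lineno, "lost_value": old_value,
                             "cleared": value == "" and old_value != ""})
        last[key] = (lineno, value)
    return findings


if __name__ == "__main__":
    for f in find_overrides(SAMPLE_CONF):
        note = " (value cleared)" if f["cleared"] else ""
        print(f"{f['key']}: line {f['effective_line']} overrides "
              f"line {f['overridden_line']} ({f['lost_value']!r}){note}")
```
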