The double-counting saga
Andrew Pollock
andrew-argus at andrew.net.au
Mon Mar 31 23:45:12 EST 2003
Sigh.
We have gotten to the bottom of the problem, it would seem.
The problem would appear to be specific to Debian's Argus implementation
(predating my maintenance of the packages) whereby the /etc/init.d/argus
script is invoking Argus with a -F /etc/argus.conf, but Argus is also
compiled with /etc/argus.conf as it's config file, so it's essentially
reading the configuration twice, once implicitly and once explicitly,
hence it opens the specified interface twice, and counts everything twice.
Is there an easy way to remove duplicates from existing Argus logs?
Andrew
More information about the argus
mailing list