Using tcpdump input
Carter Bullard
carter at qosient.com
Mon Mar 31 23:48:21 EST 2003
Hey Andrew,
By default, argus opens and processes the system
/etc/argus.conf file. Using the "-F /etc/argus.conf",
you are asking argus to process this file twice, so
it's getting the open interface directive two times.
This is becoming a gotcha that needs to be
eliminated as this is the second time it's come
up in a few years. I'll look into it.
Carter
> -----Original Message-----
> From: Andrew Pollock [mailto:andrew-argus at andrew.net.au]
> Sent: Monday, March 31, 2003 10:59 PM
> To: Carter Bullard
> Cc: argus-info at lists.andrew.cmu.edu
> Subject: Re: Using tcpdump input
>
>
> On Mon, Mar 31, 2003 at 10:26:05PM -0500, Carter Bullard wrote:
> > More than likely, argus is opening whatever
> > interface twice. This is not impossible,
> > so the solution will be in understanding how argus
> > is being called and the contents of your argus.conf
> > file. One quick approach is to run argus with
> > the -X option as the first option on the command
> > line. If this resolves the problem then it will
> > be straightforward.
>
> Now we're making some progress. I get identical results.
> Soooo.... How come Argus under normal operations is opening
> the interface twice?
>
> I've got eth1 in the /etc/argus.conf, and argus is invoked with a -F
> /etc/argus.conf and not with a -i
>
> Andrew
>