argus-server: argus interface monitoring confusion

Carter Bullard carter at qosient.com
Thu May 15 23:42:26 EDT 2003 

Hey Andrew,
   I'm going to be fixing one aspect of this problem
this weekend, where we should only open an interface
once, but Yotam is raising another issue which is
not necessarily correct.  Do command line specifications
have precedence over configuration file specs?

   One of the biggest issues with command line switches
that can also be specified in configuration files, is
the order of the specification.  How should argus
deal with this scenario, for example:

   argus -i eth0 -F argus.conf

where the argus.conf file specifies interface eth1?

Compare this to this next call:

   argus -F argus.conf -i eth0

should argus behave the same in both situations?  It
is not clear that they should be the same.
And with calls such as:

   argus -F arg1.conf -F arg2.conf -F arg3.conf

each defining a different interface to open, what
should be the correct behavior, and should it be
the same regardless of the configuration file order?
I don't think so.  I'm not sure that we can keep the
user from shooting its own foot off, when we support
this level of flexibility.  So, I'm for fixing the
problem with opening the same interface twice, but
it's not true that there is a general rule that
the command line has precedence.

Opinions?


Carter





> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu 
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of 
> Andrew Pollock
> Sent: Thursday, May 15, 2003 11:10 PM
> To: argus-info at lists.andrew.cmu.edu
> Subject: Re: argus-server: argus interface monitoring confusion
> 
> 
> On Mon, May 12, 2003 at 06:58:25AM +0300, Yotam Rubin wrote:
> > 
> > 	When a user specifies an interface to monitor through 
> the -i switch,
> > it is added to a list of interfaces collected from the 
> configuration file.
> > The expected behavior would be to have -i override the 
> configuration file, 
> > and not work in conjunction with it. This can become very 
> confusing and lead
> > to hazardous results. 
> 
> Carter,
> 
> What is your opinion of this? Yotam has submitted this bug 
> and another 
> (viewable at http://bugs.debian.org/argus-server) for changes to the 
> default argus behavior that I am reluctant to see go into a 
> Debian-specific package of the software. I'd like the Debian 
> package to 
> maintain identical functionality to the upstream software whereever 
> possible.
> 
> regards
> 
> Andrew
>

More information about the argus mailing list