argus-server: argus interface monitoring confusion
Mark Poepping
poepping at cmu.edu
Fri May 16 08:59:59 EDT 2003
Trying to help clarify...
If argus.conf specifies two interfaces, then
-i eth0 -F argus.conf
would override the interface definitions altogether and only listen on eth0.
Does that also make sense for filter definitions and all other options?
Mark.
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu [mailto:owner-argus-
> info at lists.andrew.cmu.edu] On Behalf Of Olaf Gellert
> Sent: Friday, May 16, 2003 3:40 AM
> Cc: argus-info at lists.andrew.cmu.edu
> Subject: Re: argus-server: argus interface monitoring confusion
>
> Hi all,
>
> I second that: In my opinion, commandline arguments should
> override configuration files. And to make it less confusing
> this should be independent of the order of the "-F config-file"
> option and all the other command line options (so "-F foo -i eth0"
> should behave the same as "-i eth0 -F foo".
>
> I am not sure whether the "-F foo1 -F foo2" really makes
> sense in any case, I tend to think it just causes
> confusion and should be avoided/removed. If anyone needs
> this feature he should speak up now. If for compatibility
> reasons we have to stick to this, ok, but then this should
> be documented somewhere.
>
> Cheers,
> Olaf
>
>
> --
> Dipl.Inform. Olaf Gellert PRESECURE (R)
> Consultant, Consulting GmbH
> Phone: (+49) 0700 / PRESECURE og at pre-secure.de
>
> Course licensed from the CERT Coordination Center
> Creating Computer Security Incident Response Teams
> https://www.pre-secure.de/ms09
> Muenster, July 10, 2003
>
More information about the argus
mailing list