argus-server: argus interface monitoring confusion

Yotam Rubin yotamr at
Sat May 17 04:29:14 EDT 2003

On Fri, May 16, 2003 at 09:53:36AM -0400, Carter Bullard wrote:
> Hey Yotam,
>    Having a definitive statement on this will
> make it much better, so I'm glad that we've got 
> critical mass to make a decision on this.
> So let me describe the current state of things
> and we can get to where we want to go.


>    1. Continue to use /etc/argus.conf as a base default
>       configuration file.

/etc/argus.conf should be read by default, unless the user specified 
a configuration file of his own, in which case the default configuration
file should not be processed.

>    2. Eliminate the automatic searching for argus.conf
>       files through the $ARGUSPATH variables and the
>       current directory,  as that is where some unexpected
>       behavior comes from.

Yes. I believe this is a hazardous source of confusion.

>    3. Keep the -X option to eliminate any effects of
>       the /etc/argus.conf file.

This is a useful feature and indeed should be kept.

>    4. Fix all the options that are additive in order to
>       ignore duplicates.
>    That seems like a good start.  The final issue, if
> I'm reading the situation correctly, is to process
> all -F options on the command line first, in left to
> right order, and then process the other options, in
> left to right order.  
>    That will tackle much of the problems, but there is
> still one difficult situation, what to do with the
> additive options "-i", "-r", "-w".  If you have them
> on the command line, do we blow away the existing
> lists?  

This seems like the most intuitive path to follow and corresponds to the
behavior of many other programs. By nature, command line arguments imply
overriding previous settings. The command line arguments can be additive
with themselves, i.e., once the initial overriding has been done, additional
-r,-w,-i's would carry an additive effect.

> What to do if I have this situation:
>    argus -i eth0 -i eth1

I like this option the best, as it is easily guessed and doesn't require
special code to handle.

> One solution is to have [-|+] before these additive
> options:
>    argus -i +eth0 -i +eth1

IMO, we don't need to bombard the user with flexibility that has no real
virtues. A task as simple as selecting interfaces to monitor shouldn't 
involve a selection language of its own.

> and then finally, should we support this type of
> directive?
>    argus -i eth0 eth1

Also possible, but it goes against intuition, as one would not expect 
command line arguments to be parsed that way. Specifying '-i' before each 
interface seems like the logical choice.


		Yotam Rubin
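
The interface-list precedence discussed in this message (defaults from /etc/argus.conf, the first command-line -i replacing that list, later -i's adding to it, duplicates ignored, -X discarding the defaults), as an added example that is not argus source code and not part of the original message. The names resolve_ifaces and iface_list are hypothetical, the config contents are passed in as a constructed array instead of being read from disk, and treating -X as position-independent is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define MAX_IFACES 16

struct iface_list { const char *name[MAX_IFACES]; int count; };

/* Append name unless already present (point 4: additive options ignore duplicates). */
static void iface_add(struct iface_list *l, const char *name) {
    for (int i = 0; i < l->count; i++)
        if (strcmp(l->name[i], name) == 0) return;
    if (l->count < MAX_IFACES) l->name[l->count++] = name;
}

/* Resolve the monitored interfaces from the default-config list and argv.
 * conf/nconf stand in for the interface entries parsed from /etc/argus.conf.
 * Returns the number of interfaces, or -1 if -i has no argument. */
int resolve_ifaces(const char **conf, int nconf, int argc, char **argv,
                   struct iface_list *out) {
    int use_conf = 1, cli_seen = 0;
    out->count = 0;
    /* Pass 1 (assumption: -X applies wherever it appears): drop the defaults. */
    for (int i = 1; i < argc; i++)
        if (strcmp(argv[i], "-X") == 0) use_conf = 0;
    for (int i = 0; use_conf && i < nconf; i++)
        iface_add(out, conf[i]);
    /* Pass 2: left to right; the first -i replaces the list, later ones add. */
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-i") != 0) continue;
        if (i + 1 >= argc) return -1;          /* -i without an interface name */
        if (!cli_seen) { out->count = 0; cli_seen = 1; }
        iface_add(out, argv[++i]);
    }
    return out->count;
}

int main(void) {
    const char *conf[] = { "eth2" };           /* constructed config contents */
    char *argv[] = { "argus", "-i", "eth0", "-i", "eth1", "-i", "eth0" };
    struct iface_list l;
    int n = resolve_ifaces(conf, 1, 7, argv, &l);
    for (int i = 0; i < n; i++) printf("%s\n", l.name[i]);
    return 0;
}
```

With no -i on the command line the config-file interface is kept, so a sensor started without arguments still monitors what /etc/argus.conf names.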