argus-server: argus interface monitoring confusion

Carter Bullard carter at qosient.com
Mon May 19 13:49:47 EDT 2003


Hey Richard,
   Ok, I've got almost all of the changes for
the configuration file and command line option
changes finished.  Here is a situation where I'd
like to know what the user should expect.

In this example, each configuration file specifies
a different interface to open:

   argus -F conf1 -F conf2

what should we expect?  The new argus will not
open /etc/argus.conf (-F options present), open
conf1 and conf2 and process them in that order.
If either doesn't exist we fail.  With regard to
the interfaces, we'll only open the interface
specified in conf2.

Last example is:

   argus -i eth0 -F conf1 -i eth1 -F conf2 -i eth3

Same behavior as above with regard to config files,
which are processed first.  After conf2 is read,
we'll start processing the -i options, and we'll
only open eth[1-3].

Is that appropriate?


Carter



> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu 
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of 
> Richard Gadsden
> Sent: Monday, May 19, 2003 11:01 AM
> To: argus-info at lists.andrew.cmu.edu
> Subject: Re: argus-server: argus interface monitoring confusion
> 
> 
> On Sat, 17 May 2003, Yotam Rubin wrote:
> 
> > On Fri, May 16, 2003 at 09:53:36AM -0400, Carter Bullard wrote:
> > 
> > [...]
> > 
> > > 
> > >    1. Continue to use /etc/argus.conf as a base default
> > >       configuration file.
> > 
> > /etc/argus.conf should be read by default, unless the user specified
> > a configuration file of his own, in which case the default configuration
> > file should not be processed.
> 
> Of two minds on this one. On the one hand, being able to combine the
> effects of a base config file with a second config file specified on the
> command line is a useful feature. But it's also a very common source of
> confusion, especially for new users. Because it is so confusing, it
> probably should not be the default behavior. So I agree with Yotam.
> 
> Whenever I really NEED to combine the effects of a base config file with
> one (or more) others, I should just do it explicitly:
> 
>  argus -F /etc/argus.conf -F myinterface.conf -F myfilter.conf ...
>  
> [...]
> 
> > >    4. Fix all the options that are additive in order to
> > >       ignore duplicates.
> > > 
> > >    That seems like a good start.  The final issue, if
> > > I'm reading the situation correctly, is to process
> > > all -F options on the command line first, in left to
> > > right order, and then process the other options, in
> > > left to right order.  
> 
> Yes. And if the user gives any -F options, and does want /etc/argus.conf
> to be used as a base config, then he'll just need to include it
> explicitly, as in the example above.
> 
> > >    That will tackle much of the problems, but there is
> > > still one difficult situation, what to do with the
> > > additive options "-i", "-r", "-w".  If you have them
> > > on the command line, do we blow away the existing
> > > lists?  
> > 
> > This seems like the most intuitive path to follow and corresponds to the
> > behavior of many other programs. By nature, command line arguments imply
> > overriding previous settings. The command line arguments can be additive
> > with themselves, i.e., once the initial overriding has been done, additional
> > -r,-w,-i's would carry an additive effect.
> > 
> > > What to do if I have this situation:
> > > 
> > >    argus -i eth0 -i eth1
> > 
> > I like this option the best, as it is easily guessed and doesn't require
> > special code to handle.
> 
> Agreed, but obviously it should be noted in the documentation that these
> three command line options (-r,-w,-i) will first 'override' (i.e. blow
> away) any corresponding settings made in the config file(s), and then
> their 'additive' nature will kick in if they are used more than once on
> the command line.
> 
> This is still a little confusing, but it's less confusing than any
> alternative I can think of. The inherently 'additive' nature of these
> options, either on the command line or within config files, is what really
> needs to be emphasized to the user.
> 
> Thanks,
> Richard
> 
> 
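
A small model of the precedence discussed in this thread, added here as an illustration and not taken from the argus source: -F files are processed first in left-to-right order, and any -i on the command line replaces interfaces taken from config files, then accumulates with duplicates ignored. The function name `resolve_interfaces`, the constructed config contents, the rule that a later file's interface replaces an earlier file's (following the `-F conf1 -F conf2` case above), and silently skipping an absent default file are assumptions.

```python
DEFAULT_CONF = "/etc/argus.conf"

# Constructed sample data: path -> interfaces that config file names.
SAMPLE_CONFIGS = {
    "/etc/argus.conf": ["eth9"],
    "conf1": ["eth0"],
    "conf2": ["eth1"],
}


def resolve_interfaces(argv, configs):
    """Return (config_files_read, interfaces_opened) for an argus-style argv."""
    conf_files, cli_ifaces = [], []
    args = iter(argv)
    for opt in args:
        if opt in ("-F", "-i"):
            try:
                value = next(args)
            except StopIteration:
                raise ValueError(f"{opt} requires an argument")
            (conf_files if opt == "-F" else cli_ifaces).append(value)
        # Any other option is outside this model and is skipped.

    # The default file is read only when no -F was given (assumption:
    # an absent default file is skipped rather than treated as fatal).
    if not conf_files and DEFAULT_CONF in configs:
        conf_files = [DEFAULT_CONF]

    # Pass 1: every -F file, left to right; a missing file is fatal.
    ifaces = []
    for path in conf_files:
        if path not in configs:
            raise FileNotFoundError(path)
        if configs[path]:
            ifaces = list(configs[path])  # later file replaces earlier

    # Pass 2: -i options, left to right. The first one discards whatever
    # the config files set; the rest add to it, ignoring duplicates.
    if cli_ifaces:
        ifaces = []
        for name in cli_ifaces:
            if name not in ifaces:
                ifaces.append(name)
    return conf_files, ifaces
```

Running the resolver over a sensor's real start-up arguments before deployment shows which interfaces will actually be monitored, which is the confusion this thread is about.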