[ARGUS] Sensor Setup
John Nagro
john.nagro at gmail.com
Mon Jul 26 11:35:00 EDT 2004
Thank you very much, I will try this out.
-John
On Mon, 26 Jul 2004 09:41:48 -0500, eric <eric at catastrophe.net> wrote:
> On Mon, 2004-07-26 at 10:37:00 -0400, John Nagro proclaimed...
>
> > Could someone please outline (or point me to docs) on properly setting
> > up a machine to run argus and instead of writing its output to disk,
> > send it to another machine and have it record there.
> >
> > This would be a huge help.
>
> On machineA, compile argus and use the following argus.conf
>
> ARGUS_DAEMON=yes
> ARGUS_MAX_INSTANCES=1
> ARGUS_SET_PID=yes
> ARGUS_PID_FILENAME=/var/run/argus.pid
> ARGUS_MONITOR_ID=666
> ARGUS_BIND_IP=10.10.10.10
> ARGUS_ACCESS_PORT=561
> ARGUS_GO_PROMISCUOUS=yes
> ARGUS_FLOW_STATUS_INTERVAL=30
> ARGUS_MAR_STATUS_INTERVAL=30
> ARGUS_GENERATE_RESPONSE_TIME_DATA=yes
> ARGUS_GENERATE_JITTER_DATA=yes
> ARGUS_GENERATE_MAC_DATA=no
> ARGUS_FILTER_OPTIMIZER=yes
> ARGUS_FILTER=""
> ARGUS_INTERFACE=em0
> ARGUS_INTERFACE=em1
> #ARGUS_OUTPUT_FILE=/data/argus/tmp/argus.out
>
> Then on machineB..
>
> $ nohup ra -nn -S 10.10.10.10 -w argus.cap &
>
> Rotate your flows, as necessary, using argusarchive.
>
>
--
John Nagro
john.nagro at gmail.com