Argus duser field stays blank

Peter Van Epp vanepp at sfu.ca
Thu Aug 10 11:57:29 EDT 2006


On Thu, Aug 10, 2006 at 10:38:10AM -0500, Karl Tatgenhorst wrote:
>  
>    As I was trying to say before the monkey that is the Evolution Mail
> Client sent my e-mail unexpectedly. I would not think to tell the
> attackers not to do that. My point was not to set up your listener with
> an IP Address. That is what caused the flow-count to go so high and I
> believe is what killed our server process.
> 
>    Have you tested Argus on OC192? I think we might be going down that
> path in a year or so.
> 
> Karl
> 

	Ah, I'll have to poke at Linux and figure out how to not set an IP
address (FreeBSD, which is my current production sensor, does it no problem but
the SUSE 10.1 kernel with ring buffer is unhappy without IPs on the interface
which may well just be ignorance on my part).
	No, I haven't (at least yet :-)) tried OC192 but Carter has customers
that have. I've managed to acquire a couple of IBM P510 Power5 boxes which
should have the horsepower and necessary full width/height slots to take a
DAG card, now all I have to do is find someone with enough money (and the will
to spend it :-)) to buy me a 10 gig DAG card to play with. We have 10 gig 
intercampus links now and our grid folks have a production 10 gig link on 
their file store but we don't have any test equipment that will touch it so
far. The intercampus links are currently aggregating gig links which I can 
sniff but the grid machine isn't (but also isn't directly my problem although
they have lots of interesting networking problems to play with :-)). 

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada


