ARGUS_FLOW_STATUS_INTERVAL

MN mnewton at stanford.edu
Thu Aug 17 16:47:02 EDT 2006


Hi - A couple of issues with ARGUS_FLOW_STATUS_INTERVAL:

[1] in Argus 2.0, we used the (admittedly high) value of 3600.  If
you set this in rc25, instead of summaries, the Argus log file will
have an entry for every packet.

[2] The default is listed in the text of the sample argus.conf as
being 60 seconds, but it appears to be 5 seconds (even if one comments
out the line ARGUS_FLOW_STATUS_INTERVAL=5).

And, unrelated, the sample argus.conf file text says:
# The argus supports a set of well known key strategies,
# such as 'CLASSIC_5_TUPLE', 'LAYER_3_MATRIX', 'LAYER_2_MATRIX',
# 'MPLS', and/or 'VLAN', or the argus can be configured to
# formulate key strategies from a list of the specific
# objects that the Argus understands.  See the man page for
# a complete description.

but there does not appear to be any such information in the man page.

On another unrelated note, we are interested in hearing the
experience of those who are monitoring 10Gb connections.  Of
special interest is aggregating multiple 10G feeds to eliminate
issues caused by asymmetric routing.  Budget is a definite issue.
We've looked briefly at Gigamon.

Thanks,
- mike


