multiple interfaces, one argus.log file?

Wolfgang Barth wob at swobspace.de
Sun Feb 25 10:47:02 EST 2007


Hi,

I want to watch multiple interface on one host and write the output to one
logfile. I need do distinguish the interfaces. Which way do you recommend?

1) argus -i <first> -i <second> -i <third> ...
   but how to separate the interfaces? MAC addresses?

2) multiple argus instances, so I can use the source id (ip address from
   the interface). Is it possible to write directly to the same logfile?

3) multiple argus instances, output collected by radium?

Okay, the fourth way - using multiple logfiles - works always, but I want
to create only one logfile for some reasons.

Wolfgang
-- 
<wob (at) swobspace de> * http://www.swobspace.de



More information about the argus mailing list