suser and duser data

Carter Bullard carter at qosient.com
Tue Dec 29 10:02:00 EST 2009


Hey Matt,
Sorry for the delayed response.

The maximum user data buffer is supposed to be (( 2^16) * 4) bytes, but that also is the largest
possible argus record, so you should be able to get 10K worth of user data in there.  What is the
largest size buffer that you are getting?

If there is a bug, it could be in argus() or in ra(), so it may take some time before I find the issue.

One thing you can do is shorten the "ARGUS_FLOW_STATUS_INTERVAL" for argus
down to a second or less.  We capture new data in each interval, so you may be able to grab
what you are looking for?

Carter

On Dec 12, 2009, at 1:37 PM, Matt Brewer wrote:

> Hello all,
> 
> I've been attempting to use Argus to capture more user data than the default settings.  I've added the line ARGUS_CAPTURE_DATA_LEN=10000 to my argus.conf and I've also tried using the -U 10000 option straight from the command line.  Unfortunately it doesn't seem to increase the user data that I'm collecting at all.  Is there something I'm doing wrong?  I've even tried the -M xml trick to see if it outputs more information and it still doesn't.
> 
> Any ideas what the problem may be? 
> 




