about flow status interval and inactivity timeout options
Berkay Celik
argusflow at gmail.com
Mon Oct 25 11:47:04 EDT 2010
Hey all,Carter,
The confusing point when i'm trying to create the flows,
ARGUS_FLOW_STATUS_INTERVAL is not same as the tcp_inactivity_timeout
and udp_inactivity_timeout as far as i read. Is there are
inactivity_timeout option
in ARGUS? (is ARGUS_MAR_STATUS_INTERVAL used for this purpose, i
confused about ARGUS_MAR_STATUS_INTERVAL variable.)
is there a way that i can directly get the flows regarding my
definitions 1 and 2 (for TCP and UDP):
tcp Connection established (SYN sent) or 3 way handshake is done)
within ARGUS_FLOW_STATUS_INTERVAL 45 s or tcp_inactivity_timeout is 15 s
create the flows
udp within ARGUS_FLOW_STATUS_INTERVAL 45 s or udp_inactivity_timeout is 15 s
create the flows
is there way to generate flows in argus as noted up.
Thanks,
Berkey
More information about the argus
mailing list