Argus SrcID And SrcID filtering

Carter Bullard carter at qosient.com
Thu Dec 8 14:55:52 EST 2011


Hey CS Lee,
You need to escape the double quotes, so that they make it into the compiler:

   ra -S URI://127.0.0.1:561 -s srcid saddr sport dir daddr dport - srcid \"eth0\"

without the quotes, ra will think you are looking for the IP address of the host 'eth0',
which probably is not in your namespace.

So without making a bit of a change in the srcid DSR definition, you only get 4 bytes
for the srcid.  This can change in 3.0.8, but right now you're limited to only
4 chars (32 bits).

Carter

On Dec 8, 2011, at 3:40 AM, CS Lee wrote:

> hi Carter,
> 
> I would like to assign the network interface name as the srcid for argus; however, in most conditions 4 bytes looks enough. If I use FreeBSD and some Intel NICs, it does have ixgbe as the NIC name; can it change from 4 bytes to, say, 8 bytes instead?
> 
> By the way, filtering by srcid is not working:
> 
> argus -mAJZRU 512 -i eth0/\"eth0\" -B 127.0.0.1 -P 561
> ra -S URI://127.0.0.1:561 -s srcid saddr sport dir daddr dport - srcid "eth0"
> ra[13898]: 00:42:09.339847 srcid eth0 unknown
> ra[13897]: 00:42:09.554215 srcid eth0 filter syntax error
> 
> 
> -- 
> Best Regards,
> 
> CS Lee<geek00L[at]gmail.com>
> 
> http://geek00l.blogspot.com
> http://defcraft.net
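
The quoting behaviour discussed in this thread, as an added example that is not part of the original messages: it shows which characters of the filter expression survive the shell and reach the program. `show_filter` is a hypothetical stand-in for a client's argument handling (it is not ra code) and simply joins every argument after the lone `-` separator.

```shell
# Added illustration; show_filter is a hypothetical helper, not part of argus.
# It prints the filter expression as the invoked program would receive it:
# every argument after the lone "-" separator, joined with single spaces.
show_filter() {
    seen_sep=0
    out=""
    for arg in "$@"; do
        if [ "$seen_sep" -eq 1 ]; then
            out="${out:+$out }$arg"
        elif [ "$arg" = "-" ]; then
            seen_sep=1
        fi
    done
    printf '%s\n' "$out"
}

# Plain double quotes: the shell removes them, so the filter holds a bare
# word, which is then looked up as a host name.
plain=$(show_filter -s srcid saddr sport dir daddr dport - srcid "eth0")

# Backslash-escaped double quotes: they survive into the filter expression.
escaped=$(show_filter -s srcid saddr sport dir daddr dport - srcid \"eth0\")

# Single-quoting the whole expression hands the program the same characters.
single=$(show_filter -s srcid saddr sport dir daddr dport - 'srcid "eth0"')

printf 'plain:   %s\nescaped: %s\nsingle:  %s\n' "$plain" "$escaped" "$single"
```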
