Radium correlation
Chris Wakelin
c.d.wakelin at reading.ac.uk
Mon Jun 20 19:06:54 EDT 2011
On 20/06/2011 23:45, Carter Bullard wrote:
> Well that is odd. Haven't seen anything like that here, on any machine.
> So what happens when you have two ARGUS_INTERFACE directives:
>
> ARGUS_INTERFACE=eth1/xxx.xxx.xxx.xxx
> ARGUS_INTERFACE=eth2/yyy.yyy.yyy.yyy
>
> Carter
>
The same; also with "-i eth1 -i eth2" and "-i eth2 -i eth1" (which
switches over the one that can't be opened).
Neither interface has an IP address assigned, but both are up and
receiving (mirrored) packets.
One odd thing is that tcpdump doesn't work as expected either; on this
machine a BPF filter matches nothing, whereas on similar machines I have
cases where it matches only one side of the traffic and others where it
works as expected. I get the same ARGUS errors with two interfaces on
one of the machines where BPF is working though.
Best Wishes,
Chris
--
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin, c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094
More information about the argus
mailing list