Argus fails to start with ARGUS_INTERFACE=ind:all

Harry Hoffman hhoffman at ip-solutions.net
Mon May 23 10:19:04 EDT 2011


Hi,

I've downloaded the latest argus (3.0.5.3) and I'm trying to run with:
ARGUS_INTERFACE=ind:all

And I'm getting the following error messages:
May 23 10:02:20 usher argus[25730]: 23 May 11 10:02:20.195237 started
May 23 10:02:20 usher argus[25730]: 23 May 11 10:02:20.214626 started
May 23 10:02:20 usher kernel: argus uses obsolete (PF_INET,SOCK_PACKET)
May 23 10:02:20 usher argus[25730]: 23 May 11 10:02:20.229757
ArgusOpenInterface: pcap_open_live socket: Operation not permitted
May 23 10:02:20 usher argus[25730]: 23 May 11 10:02:20.237115
ArgusOpenInterface: pcap_open_live socket: Operation not permitted
May 23 10:02:20 usher argus[25730]: 23 May 11 10:02:20.242792
ArgusOpenInterface: pcap_open_live socket: Operation not permitted


If I run with ARGUS_INTERFACE=any then argus starts up right away (and seems
to use eth0).

I've got the following live interfaces:
Eth0 (ethernet)
Eth1 (ethernet)
Lo (loopback)
Sit1 (ipv6-ipv4)

I'm running centos-5.6 x86_64. I'm happy to provide any other information.

Cheers,
Harry




