Argus doesn't collect packet data - only session data
Paul Schmehl
pschmehl_lists at tx.rr.com
Mon Mar 5 16:55:12 EST 2012
I'm setting up a new server, and I've run into a problem with argus. No
matter what I do, I can't seem to get it to collect user data. It works
fine on the old server.
This is on FreeBSD 8.2. Argus was built from ports and is version 3.0.4
without SASL.
Here's the argus.conf file:
ARGUS_DAEMON=yes
ARGUS_INTERFACE="bce1"
ARGUS_OUTPUT_FILE=/var/data/nsm/argus/argus.log
ARGUS_SET_PID=yes
ARGUS_GO_PROMISCUOUS=yes
ARGUS_GENERATE_RESPONSE_TIME_DATA=yes
ARGUS_GENERATE_MAC_DATA=yes
ARGUS_FILTER="ip and not icmp"
ARGUS_CAPTURE_DATA_LEN=800
And here's the process running:
root 94930 18.1 1.1 210416 189484 ?? Rs 8:48PM 0:41.79 /usr/local/sbin/argus -F /usr/local/etc/argus.conf -F /usr/local/etc/argus.conf
No matter what CAPTURE_DATA_LEN I use, this is what I get in the log:
20:53:03.717210 e udp 10.21.1.49.59178 <-> 74.200.191.77.domain 2 408 CON
20:53:03.718211 e tcp 10.110.143.147.64634 <?> 205.203.132.65.http 13 10133 CON
20:53:03.718618 e tcp 10.160.122.248.55405 -> 69.116.12.102.28550 3 213 CON
20:53:03.722132 e tcp 10.21.21.177.56017 -> 218.6.12.180.http 3 180 RST
20:53:03.720056 e tcp 71.71.229.73.12283 -> 129.110.94.160.http 11 1633 FIN
20:53:03.720769 e d tcp 10.21.17.168.58421 -> 121.11.151.47.http 351 380622 CON
20:53:03.721078 e i tcp 10.40.128.53.55652 <?> 10.110.47.178.ssh 171 108674 CON
As you can see, no packet data at all.
I've even tried using -U 800 on the commandline, but same results. Googling
didn't help.
--
Paul Schmehl (pauls at utdallas.edu)
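For anyone who needs to read records in the format quoted above programmatically, here is a small parser for the default ra(1) columns as they appear in the post: stime, flgs, proto, saddr.sport, dir, daddr.dport, pkts, bytes, state. This is an added example, not code from the post or from the argus project; the column layout is taken from the quoted lines, and the sample input is those seven records re-joined onto one line each after mail wrapping split them. The one edge case worth handling is the flgs column, which may hold several space-separated characters ("e d", "e i"), so a naive whitespace split misaligns the fields; the parser therefore walks in from the right-hand side, where the column count is fixed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the ra records quoted in the post, one record per line.
SAMPLE_RECORDS = """\
20:53:03.717210 e udp 10.21.1.49.59178 <-> 74.200.191.77.domain 2 408 CON
20:53:03.718211 e tcp 10.110.143.147.64634 <?> 205.203.132.65.http 13 10133 CON
20:53:03.718618 e tcp 10.160.122.248.55405 -> 69.116.12.102.28550 3 213 CON
20:53:03.722132 e tcp 10.21.21.177.56017 -> 218.6.12.180.http 3 180 RST
20:53:03.720056 e tcp 71.71.229.73.12283 -> 129.110.94.160.http 11 1633 FIN
20:53:03.720769 e d tcp 10.21.17.168.58421 -> 121.11.151.47.http 351 380622 CON
20:53:03.721078 e i tcp 10.40.128.53.55652 <?> 10.110.47.178.ssh 171 108674 CON
"""

# Direction tokens ra prints between the two endpoints (assumed set; the
# quoted records show "->", "<->" and "<?>").
DIRECTIONS = {"->", "<-", "<->", "<?>", "?>", "<?"}


@dataclass
class FlowRecord:
    stime: str
    flags: str        # flgs column; may be several space-separated characters
    proto: str
    saddr: str
    sport: str        # numeric port or service name (http, ssh, domain)
    direction: str
    daddr: str
    dport: str
    pkts: int
    bytes: int
    state: str


def split_endpoint(endpoint: str):
    """Split 'addr.port' on the last dot; the port may be a service name."""
    addr, _, port = endpoint.rpartition(".")
    return addr, port


def parse_record(line: str) -> Optional[FlowRecord]:
    """Parse one default-layout ra line; return None for malformed input.

    The right-hand columns (proto .. state) are fixed in number, so they are
    read from the end of the token list and everything between the timestamp
    and proto is the flgs column, however many characters it holds.
    """
    tokens = line.split()
    if len(tokens) < 8:
        return None
    state, nbytes, pkts, daddr_port, direction, saddr_port, proto = (
        tokens[-1], tokens[-2], tokens[-3], tokens[-4], tokens[-5], tokens[-6], tokens[-7]
    )
    if direction not in DIRECTIONS:
        return None
    try:
        pkts_i, bytes_i = int(pkts), int(nbytes)
    except ValueError:
        return None
    saddr, sport = split_endpoint(saddr_port)
    daddr, dport = split_endpoint(daddr_port)
    return FlowRecord(
        stime=tokens[0],
        flags=" ".join(tokens[1:-7]),
        proto=proto,
        saddr=saddr, sport=sport,
        direction=direction,
        daddr=daddr, dport=dport,
        pkts=pkts_i, bytes=bytes_i,
        state=state,
    )


def parse_records(text: str) -> List[FlowRecord]:
    """Parse every non-empty line, silently skipping lines that do not parse."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec is not None:
            records.append(rec)
    return records


def summarize(records: List[FlowRecord]) -> Dict[str, object]:
    """Roll up byte counts per protocol and record counts per flow state."""
    bytes_by_proto: Dict[str, int] = {}
    states: Dict[str, int] = {}
    for rec in records:
        bytes_by_proto[rec.proto] = bytes_by_proto.get(rec.proto, 0) + rec.bytes
        states[rec.state] = states.get(rec.state, 0) + 1
    return {"records": len(records), "bytes_by_proto": bytes_by_proto, "states": states}


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    for r in recs:
        print(f"{r.stime} flags={r.flags!r:6} {r.proto} {r.saddr}:{r.sport} "
              f"{r.direction} {r.daddr}:{r.dport} pkts={r.pkts} bytes={r.bytes} {r.state}")
    print(summarize(recs))
```

Note that the default columns parsed here carry no payload field at all; in argus-clients the captured user bytes are separate fields (suser/duser) that ra prints only when asked for them, so a default listing like the one above cannot by itself show whether the sensor stored any.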