Couple things...
Craig Merchant
cmerchant at responsys.com
Thu Aug 1 19:02:10 EDT 2013
Hey, Carter...
I just wanted to check in and see if you need anything else from me on the labeling issue or argus crashing when trying to convert a pcap file. Let me know...
I'm also having some issues with keystroke detection with the latest release. The following command used to work in my testing:
/usr/local/bin/ra -S 10.10.10.10:561 -n -u -c "," -s "+0dnstroke,+1snstroke" - host 10.1.1.1 and host 10.1.1.2
I tried both a normal and reverse SSH session between the two hosts and neither one registered keyboard strokes of varying speeds and intensity.
All I've done is commented out the defaults in argus.conf:
ARGUS_KEYSTROKE="yes"
ARGUS_KEYSTROKE_CONF="GPC_MAX=4"
I performed pretty much the same testing a couple months ago and got plenty of flows where keystrokes were detected. Please let me know what you'd recommend for troubleshooting that.
Thanks.
Craig