Argus Client Command Line Arguments
David Edelman
dedelman at iname.com
Fri Aug 9 19:03:40 EDT 2013
Carter,
In Richard Bejtlich's new book, he does include examples of using Argus and
some of the clients, but he consistently puts the BPF filter arguments in the
middle of the argument string, preceded by the isolated minus sign, e.g.:
# racluster -r filename.argus - tcp and src port 80 -s +sappbytes
I just attempted to do that on one of my systems and it does work. Is this
intended behavior that will be supported over the long term? I had always
considered the isolated minus sign as terminating option string processing.
If it is actually a non-terminal escape from option processing then the
current use makes sense.
--Dave