FW: Argus on Security Onion
John Gerth
gerth at graphics.stanford.edu
Fri Oct 11 00:20:54 EDT 2013
Bravo!
Now there's an opening to make SO less Bro-centric.
--
John Gerth gerth at graphics.stanford.edu Gates 378 (650) 725-3273
On 10/10/13 5:58 PM, David Edelman wrote:
> The latest release of Security Onion now contains a fully functional
> /etc/argus.conf which exposes all of the previously unavailable Argus
> features
>
> --Dave
>
>
> -----Original Message-----
> From: Doug Burks [mailto:doug.burks at gmail.com]
> Sent: Thursday, October 10, 2013 8:08 AM
> To: David Edelman
> Subject: Re: [ARGUS] Argus on Security Onion
>
> On Mon, Aug 12, 2013 at 8:20 PM, David Edelman <dedelman at iname.com> wrote:
>> Actually it's all rather irrelevant. The sole change is to the command line
>> that you use to (re)start Argus. Currently you have a hardcoded -P0 to
>> prevent opening a listening port for the use of the clients. You also do not
>> provide an /etc/argus.conf file with the distribution.
>>
>> In short the single hardcoded parameter -P0 prevents Argus from working as
>> expected by most Argus users and by providing a simple mechanism for
>> eliminating it keeps Argus users out of the SO command files while still
>> allowing them to do what they expect to do.
>>
>> If I provide an argus.conf file that parrots your command line (minus the -w
>> filenameToWriteTo) and you reduce the parameters for Argus to the -w
>> filename, everyone wins since the Argus folks will do what they normally do
>> and the non-Argus folks will still have exactly what they have now.
>>
>> We tell the folks on The Argus mailing list about the conf file (which they
>> expect to see) and let them do what they wish.
>
> Hi David,
>
> Your fixes have been published if you'd like to notify the Argus mailing
> list.
>
> http://securityonion.blogspot.com/2013/10/new-nsmsetup-packages-now-available.html
>
> Thanks so much!
>
> Doug
>