FW: Argus on Security Onion

John Gerth gerth at graphics.stanford.edu
Fri Oct 11 00:20:54 EDT 2013


Bravo!

Now there's an opening to make SO less Bro-centric.

--
John Gerth      gerth at graphics.stanford.edu  Gates 378   (650) 725-3273

On 10/10/13 5:58 PM, David Edelman wrote:
> The latest release of Security Onion now contains a fully functional
> /etc/argus.conf which exposes all of the previously unavailable Argus
> features.
> 
> --Dave
> 
> 
> -----Original Message-----
> From: Doug Burks [mailto:doug.burks at gmail.com] 
> Sent: Thursday, October 10, 2013 8:08 AM
> To: David Edelman
> Subject: Re: [ARGUS] Argus on Security Onion
> 
> On Mon, Aug 12, 2013 at 8:20 PM, David Edelman <dedelman at iname.com> wrote:
>> Actually it's all rather irrelevant. The sole change is to the command line
>> that you use to (re)start Argus. Currently you have a hardcoded -P0 to
>> prevent opening a listening port for the use of the clients. You also do not
>> provide an /etc/argus.conf file with the distribution.
>>
>> In short the single hardcoded parameter -P0 prevents Argus from working as
>> expected by most Argus users and by providing a simple mechanism for
>> eliminating it keeps Argus users out of the SO command files while still
>> allowing them to do what they expect to do.
>>
>> If I provide an argus.conf file that parrots your command line (minus the -w
>> filenameToWriteTo) and you reduce the parameters for Argus to the -w
>> filename. Everyone wins since the Argus folks will do what they normally do
>> and the non-Argus folks will still have exactly what they have now.
>>
>> We tell the folks on The Argus mailing list about the conf file (which they
>> expect to see) and let them do what they wish.
> 
> Hi David,
> 
> Your fixes have been published if you'd like to notify the Argus mailing
> list.
> 
> http://securityonion.blogspot.com/2013/10/new-nsmsetup-packages-now-available.html
> 
> Thanks so much!
> 
> Doug
> 


