packet headers

Carter Bullard carter at qosient.com
Wed Apr 2 07:05:12 EDT 2014 

Hey Oğuz,
This feature works fine for me using argus-3.0.7.5.
There are two variables in the example ./support/Config/argus.conf file.
I uncommented out these entries in my /etc/argus.conf,
after making sure the /var/log/argus directory existed.

ARGUS_PACKET_CAPTURE_FILE="/var/log/argus/packet.out"
ARGUS_PACKET_CAPTURE_ON_ERROR=“no”

The second variable toggles whether we capture every packet,
or just packets when there is an error in argus.

Then running as root, argus did generate a lot of packet data.
Not seeing this on your machine ??

Carter

On Apr 1, 2014, at 3:36 PM, Oğuz Yarımtepe <oguzyarimtepe at gmail.com> wrote:

> argus-3.0.6.1 solved my problem.
> 
> Thank you.
> 
> 
> On Tue, Apr 1, 2014 at 10:14 PM, Oğuz Yarımtepe <oguzyarimtepe at gmail.com> wrote:
> It seems someone had the same problem: http://comments.gmane.org/gmane.network.argus/8192
> I should try argus-3.0.6.1 it seems :)
> 
> 
> 
> 
> On Tue, Apr 1, 2014 at 12:40 AM, Carter Bullard <carter at qosient.com> wrote:
> Hmmmm, not sure... Creating the file is one part....If you delete the file does it come back ???  Are you chroot'ing ???   That could break it ...
> 
> Carter
> 
> On Mar 31, 2014, at 4:24 PM, Oğuz Yarımtepe <oguzyarimtepe at gmail.com> wrote:
> 
>> Hi,
>> 
>> 
>> On Sun, Mar 30, 2014 at 8:35 PM, Carter Bullard <carter at qosient.com> wrote:
>> Hey Oğuz,
>> Yes, use this option in the argus.conf file.
>> 
>> # Argus allows you to capture packets in tcpdump() format
>> # if the source of the packets is a tcpdump() formatted
>> # file or live packet source.
>> #
>> # Specify the path to the packet capture file here.
>> #
>> 
>> #ARGUS_PACKET_CAPTURE_FILE="/var/log/argus/packet.out”
>> 
>> 
>> I tried it after i run  
>> argus -d -i eth0 -P 561
>> 
>> ra -S 127.0.0.1:561 gives me output. I followed the settings at http://nsmwiki.org/Argus. /var/log/argus/packet.out is created but still 0 byte.
>> 
>> 
>> 
>> 
>> 
>> What am i missing?
>> 
>> 
> 
> 
> 
> -- 
> Oğuz Yarımtepe
> http://about.me/oguzy
> 
> 
> 
> -- 
> Oğuz Yarımtepe
> http://about.me/oguzy

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6837 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20140402/6c4527c9/attachment.bin>

More information about the argus mailing list