Argus query

Noman Muneer nomanmuneer at gmail.com
Tue May 19 20:07:14 EDT 2015


Hi Carter,

I had another question whose solution most likely borders on the
rudimentary.

I have just created a volume group that is substantially large and have
moved the /nsm directory to this volume. I had to configure the tcpdump and
mysql files in the AppArmor directories so that they were pointing to the
new volume group... in doing so I was once again able to create pcaps (this
feature had stopped once the /nsm directory was moved).

I have noticed that Argus will not write to its output files... I am
guessing this is a result of the change in the storage topology. As such
could you please advise as to whether I need to make a similar
configuration for argus so that it knows where the new nsm directory is
located? Or will the change in storage have an impact? the command "ratop
-S localhost:561" works and using it I can confirm that Argus is watching
the live traffic. Its just not writing this traffic to the specified output
files (  rasplit -M time 60m -S argusHost:port \
          -w /path/to/the/archive/\$srcid/%Y/%m/%d/argus.%Y.%m.%d.%H.%M.%
S)....

Any information/direction you are able to provide on the matter will be
greatly appreciated.

Please let me know if you need me to rephrase the question or to clarify
any points.

Many thanks in advance.

Kind Regards,
Muneer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20150519/442e517c/attachment.html>


More information about the argus mailing list