Content-type: text/html
<HTML><HEAD><TITLE>Manpage of ARGUS.CONF</TITLE>
</HEAD><BODY>
<H1>ARGUS.CONF</H1>
Section: User Commands (1)<BR>Updated: 07 November 2000<BR><A HREF="#index">Index</A>
<A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR>
<A NAME="lbAB"> </A>
<H2>NAME</H2>
<B>argus.conf</B> - <B>argus</B> resource file.
<A NAME="lbAC"> </A>
<H2>SYNOPSIS</H2>
<B>argus.conf</B>
<A NAME="lbAD"> </A>
<H2>COPYRIGHT</H2>
Copyright (c) 2000 QoSient, LLC All rights reserved.
<A NAME="lbAE"> </A>
<H2>DESCRIPTION</H2>
<P>
Argus will open this argus.conf if its installed as /etc/argus.conf.
It will also search for this file as argus.conf in directories
specified in $ARGUSPATH, or $ARGUSHOME, $ARGUSHOME/lib,
or $HOME, $HOME/lib, and parse it to set common configuration
options. All values in this file can be overriden by command
line options, or other files of this format that can be read in
using the -F option.
<P>
<A NAME="lbAF"> </A>
<H2>Variable Syntax</H2>
<P>
Variable assignments must be of the form:
<PRE>
VARIABLE=
</PRE>
with no white space between the VARIABLE and the '=' sign.
Quotes are optional for string arguments, but if you want
to embed comments, then quotes are required.
<P>
<A NAME="lbAG"> </A>
<H2>ARGUS_DAEMON</H2>
<P>
Argus is capable of running as a daemon, doing all the right things
that daemons do. When this configuration is used for the system
daemon process, say for /etc/argus.conf, this variable should be
set to "yes".
<P>
The default value is to not run as a daemon.
<P>
This example is to support the ./support/Startup/argus script
which requires that this variable be set to "yes".
<P>
Commandline equivalent -d
<P>
<B>ARGUS_DAEMON=</B>yes
<P>
<P>
<A NAME="lbAH"> </A>
<H2>ARGUS_MONITOR_ID</H2>
<P>
Argus Monitor Data is uniquely identifiable based on the source
identifier that is included in each output record. This is to
allow you to work with Argus Data from multiple monitors at the
same time. The ID is 32 bits long, and so legitimate values are
0 - 4294967296 but argus also supports IP addresses as values.
The configuration allows for you to use host names, however, do
have some understanding how `hostname` will be resolved by the
nameserver before commiting to this strategy completely.
<P>
Commandline equivalent -e
<P>
<P>
<B>ARGUS_MONITOR_ID</B>=`hostname`
<BR>
<P>
<A NAME="lbAI"> </A>
<H2>ARGUS_ACCESS_PORT</H2>
<P>
Argus monitors can provide a real-time remote access port
for collecting Argus data. This is a TCP based port service and
the default port number is tcp/561, the "experimental monitor"
service. This feature is disabled by default, and can be forced
off by setting it to zero (0).
<P>
When you do want to enable this service, 561 is a good choice,
as all ra* clients are configured to try this port by default.
<P>
Commandline equivalent -P
<P>
<B>ARGUS_ACCESS_PORT=</B>561
<P>
<P>
<A NAME="lbAJ"> </A>
<H2>ARGUS_INTERFACE</H2>
<P>
By default, Argus will open the first appropriate interface on a
system that it encounters. For systems that have only one network
interface, this is a reasonable thing to do. But, when there are
more than one suitable interface, you should specify which
interface(s) Argus should read data from.
<P>
Argus can read packets from multiple interfaces at the same time,
although this is limited to 2 interfaces at this time. Specify
this in this file with multiple ARGUS_INTERFACE directives.
<P>
Commandline equivalent -i
<P>
<B>ARGUS_INTERFACE=</B>le0
<P>
<P>
<A NAME="lbAK"> </A>
<H2>ARGUS_OUTPUT_FILE</H2>
<P>
Argus can write its output to one or a number of files,
default limit is 5 concurrent files, each with their own
independant filters.
<P>
The format is:
<PRE>
ARGUS_OUTPUT_FILE=/full/path/file/name
ARGUS_OUTPUT_FILE=/full/path/file/name "filter"
</PRE>
<P>
Most sites will have argus write to a file, for reliablity
and performance. The example file name is used here as
supporting programs, such as ./support/Archive/argusarchive
are configured to use this file.
<P>
Commandline equivalent -w
<P>
<B>ARGUS_OUTPUT_FILE=</B>/var/log/argus/argus.out
<P>
<P>
<A NAME="lbAL"> </A>
<H2>ARGUS_SET_PID</H2>
<P>
When Argus is configured to run as a daemon, with the -d
option, Argus can store its pid in a file, to aid in
managing the running daemon. However, creating a system
pid file requires priviledges that may not be appropriate
for all cases.
<P>
When configured to generate a pid file, if Argus cannot
create the pid file, it will fail to run. This variable
is available to override the default, in case this gets
in your way.
<P>
The default value is to generate a pid.
<P>
No Commandline equivalent
<P>
<B>ARGUS_SET_PID=</B>yes
<P>
<P>
<A NAME="lbAM"> </A>
<H2>ARGUS_GO_PROMISCUOUS</H2>
<P>
By default, Argus will put its interface in promiscuous mode
in order to monitor all the traffic that can be collected.
This can put an undo load on systems.
<P>
If the intent is to monitor only the network activity of
the specific system, say to measure the performance of
an HTTP service or DNS service, you'll want to turn
promiscuous mode off.
<P>
The default value is go into prmiscuous mode.
<P>
Commandline equivalent -p
<P>
<P>
<B>ARGUS_GO_PROMISCUOUS=</B>yes
<P>
<P>
<A NAME="lbAN"> </A>
<H2>ARGUS_FLOW_STATUS_INTERVAL</H2>
<P>
Argus will periodically report on a flow's activity every
ARGUS_FLOW_STATUS_INTERVAL seconds, as long as there is
new activity on the flow. This is so that you can get a
view into the activity of very long lived flows. The default
is 60 seconds, but this number may be too low or too high
depending on your uses.
<P>
The default value is 60 seconds, but argus does support
a minimum value of 1. This is very useful for doing
measurements in a controlled experimental environment
where the number of flows is < 1000.
<P>
Commandline equivalent -S
<P>
<B>ARGUS_FLOW_STATUS_INTERVAL=</B>60
<P>
<P>
<A NAME="lbAO"> </A>
<H2>ARGUS_MAR_STATUS_INTERVAL</H2>
<P>
Argus will periodically report on a its own health, providing
interface status, total packet and bytes counts, packet drop
rates, and flow oriented statistics.
<P>
These records can be used as "keep alives" for periods when
there is no network traffic to be monitored.
<P>
The default value is 300 seconds, but a value of 60 seconds is
very common.
<P>
Commandline equivalent -M
<P>
<P>
<B>ARGUS_MAR_STATUS_INTERVAL=</B>300
<P>
<P>
<A NAME="lbAP"> </A>
<H2>ARGUS_DEBUG_LEVEL</H2>
<P>
If compiled to support this option, Argus is capable of
generating a lot of debug information.
<P>
The default value is zero (0).
<P>
Commandline equivalent -D
<P>
<B>ARGUS_DEBUG_LEVEL=</B>0
<P>
<P>
<A NAME="lbAQ"> </A>
<H2>ARGUS_GENERATE_RESPONSE_TIME_DATA</H2>
<P>
Argus can be configured to report on flows in a manner than
provides the best information for calculating application
reponse times and network round trip times.
<P>
The default value is to not generate this data.
<P>
Commandline equivalent -R
<P>
<BR>
<B>ARGUS_GENERATE_RESPONSE_TIME_DATA=</B>no
<P>
<P>
<A NAME="lbAR"> </A>
<H2>ARGUS_GENERATE_JITTER_DATA</H2>
<P>
Argus can be configured to generate packet jitter information
on a per flow basis. The default value is to not generate
this data.
<P>
Commandline equivalent -J
<P>
<BR>
<B>ARGUS_GENERATE_JITTER_DATA=</B>no
<P>
<P>
<A NAME="lbAS"> </A>
<H2>ARGUS_GENERATE_MAC_DATA</H2>
<P>
Argus can be configured to not provide MAC addresses in
it audit data. This is available if MAC address tracking
and audit is not a requirement.
<P>
The default value is to not generate this data.
<P>
Commandline equivalent -m
<P>
<BR>
<B>ARGUS_GENERATE_MAC_DATA=</B>no
<P>
<P>
<A NAME="lbAT"> </A>
<H2>ARGUS_CAPTURE_DATA_LEN</H2>
<P>
Argus can be configured to capture a number of user data
bytes from the packet stream.
<P>
The default value is to not generate this data.
<P>
Commandline equivalent -U
<P>
<BR>
<B>ARGUS_CAPTURE_DATA_LEN=</B>0
<P>
<P>
<A NAME="lbAU"> </A>
<H2>ARGUS_FILTER_OPTIMIZER</H2>
<P>
Argus uses the packet filter capabilities of libpcap. If
there is a need to not use the libpcap filter optimizer,
you can turn it off here. The default is to leave it on.
<P>
Commandline equivalent -O
<P>
<P>
<B>ARGUS_FILTER_OPTIMIZER=</B>yes
<P>
<P>
<A NAME="lbAV"> </A>
<H2>ARGUS_FILTER</H2>
<P>
You can provide a filter expression here, if you like.
It should be limited to 2K in length. The default is to
not filter.
<P>
No Commandline equivalent
<P>
<P>
<B>ARGUS_FILTER=</B>""
<P>
<A NAME="lbAW"> </A>
<H2>SEE ALSO</H2>
<B><A HREF="http://localhost/cgi-bin/man/man2html?8+argus">argus</A></B>(8)
<P>
<P>
<HR>
<A NAME="index"> </A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">COPYRIGHT</A><DD>
<DT><A HREF="#lbAE">DESCRIPTION</A><DD>
<DT><A HREF="#lbAF">Variable Syntax</A><DD>
<DT><A HREF="#lbAG">ARGUS_DAEMON</A><DD>
<DT><A HREF="#lbAH">ARGUS_MONITOR_ID</A><DD>
<DT><A HREF="#lbAI">ARGUS_ACCESS_PORT</A><DD>
<DT><A HREF="#lbAJ">ARGUS_INTERFACE</A><DD>
<DT><A HREF="#lbAK">ARGUS_OUTPUT_FILE</A><DD>
<DT><A HREF="#lbAL">ARGUS_SET_PID</A><DD>
<DT><A HREF="#lbAM">ARGUS_GO_PROMISCUOUS</A><DD>
<DT><A HREF="#lbAN">ARGUS_FLOW_STATUS_INTERVAL</A><DD>
<DT><A HREF="#lbAO">ARGUS_MAR_STATUS_INTERVAL</A><DD>
<DT><A HREF="#lbAP">ARGUS_DEBUG_LEVEL</A><DD>
<DT><A HREF="#lbAQ">ARGUS_GENERATE_RESPONSE_TIME_DATA</A><DD>
<DT><A HREF="#lbAR">ARGUS_GENERATE_JITTER_DATA</A><DD>
<DT><A HREF="#lbAS">ARGUS_GENERATE_MAC_DATA</A><DD>
<DT><A HREF="#lbAT">ARGUS_CAPTURE_DATA_LEN</A><DD>
<DT><A HREF="#lbAU">ARGUS_FILTER_OPTIMIZER</A><DD>
<DT><A HREF="#lbAV">ARGUS_FILTER</A><DD>
<DT><A HREF="#lbAW">SEE ALSO</A><DD>
</DL>
<HR>
This document was created by
<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 23:40:57 GMT, March 15, 2001
</BODY>
</HTML>
distrib
>
Mandriva
>
2010.0
>
i586
>
media
>
contrib-release
>
by-pkgid
>
dc2800a8ec9b3e4a05b103066b15d559
>
files
>
39
