
argus(8) -I
audit record generation and utilization system
-I   <number> Specify the <number> of instances that are concurrently allowed. The default is 1. This
     affects the pid file strategy for argus.


Run argus as a daemon, writing all its transaction status reports to output-file. This is the typical mode.

    argus -d -e `hostname` -w output-file

If ICMP traffic is not of interest to you, you can filter out ICMP packets on input.

    argus -w output-file - ip and not icmp

Argus supports both input filtering and output filtering, and argus supports multiple output streams, each with its own independent filter.

If you are interested in tracking IP traffic only (input filter) and want to report ICMP traffic in one output file and all other IP traffic in another file:

    argus -w outfile1 "icmp" -w outfile2 "not icmp" - ip

Audit the network activity that is flowing between the two gateway routers, whose Ethernet addresses are 00:08:03:2D:42:01 and 00:00:0C:18:29:F1. Without specifying an output-file, it is assumed that the transaction status reports will be written to a remote client. In this case we have changed the port that the remote client will use to port 430/tcp.

    argus -P 430 ether host \(0:8:3:2d:42:1 and 0:0:c:18:29:f1\) &

Audit each individual ICMP ECHO transaction. You would do this to gather Round Trip Time data within your network. Write the output to output-file.

    argus -R -w output-file "echo" - icmp

Audit all NFS transactions involving the server fileserver and increase the reporting interval to 3600 seconds (to provide high data reduction). Write the output to output-file.

    argus -S 3600 -w output-file udp and port 2049 &
