/etc/argus.conf is in argus-server 1:2.0.6.fixes.1-16.3.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 | # Main configuration file.
#-----------------------------------------------------------------------------#
#-----------------------------------------------------------------------------#
# Copyright (c) 2000 QoSient, LLC
# All rights reserved.
#
# Permission to use, copy, modify, and distribute this software and
# its documentation for any purpose and without fee is hereby granted,
# provided that the above copyright notice appear in all copies and
# that both that copyright notice and this permission notice appear
# in supporting documentation, and that the name of QoSient not
# be used in advertising or publicity pertaining to distribution of
# the software without specific, written prior permission.
#
# QOSIENT, LLC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
# SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
# FITNESS, IN NO EVENT SHALL QOSIENT, LLC BE LIABLE FOR ANY
# SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
# RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF
# CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
#
#
# Variable Syntax
#
# Variable assignments must be of the form:
#
# VARIABLE=
#
# with no white space between the VARIABLE and the '=' sign.
# Quotes are optional for string arguements, but if you want
# to embed comments, then quotes are required.
#
#
# Variable Explanations:
#
#-----------------------------------------------------------------------------#
# Argus is capable of running as a daemon, doing all the right things
# that daemons do. When this configuration is used for the system
# daemon process, say for /etc/argus.conf, this variable should be
# set to "yes".
#
# The default value is to not run as a daemon.
#
# This example is to support the ./support/Startup/argus script
# which requires that this variable be set to "yes".
ARGUS_DAEMON=yes
#-----------------------------------------------------------------------------#
#-----------------------------------------------------------------------------#
# If compiled to support this option, Argus is capable of
# generating a lot of use-whatever debug information.
# The default value is zero (0).
# The default Debian binary argus packages were not compiled with debugging.
ARGUS_DEBUG_LEVEL=0
#-----------------------------------------------------------------------------#
#-----------------------------------------------------------------------------#
# Argus Monitor ID is uniquely identifiable based on the source
# identifier that is included in each output record. This is to
# allow you to work with Argus Data from multiple monitors at the
# same time. The ID is 32 bits long, and so legitimate values are
# 0 - 4294967296 and also IP addresses and host names are suitable
# for this ID.
ARGUS_MONITOR_ID=`hostname`
#-----------------------------------------------------------------------------#
#-----------------------------------------------------------------------------#
# By default, Argus Monitors provide a real-time remote access port
# for collecting Argus data. This is a TCP based port service and
# the default port is tcp/561, the "experimental monitor" service.
# By setting this value to zero (0), you can turn off this support.
ARGUS_ACCESS_PORT=0
#-----------------------------------------------------------------------------#
#-----------------------------------------------------------------------------#
# By default, Argus will open the first appropriate interface on a
# system that it encounters. For systems that have only one network
# interface, this is a reasonable thing to do. But, when there are
# more than one interface suitable interface, you may want to specify
# which interface(s) Argus should read data from.
#
# Argus can read packets from multiple interfaces at the same time,
# although this is limited to 2 interfaces at this time.
ARGUS_INTERFACE=eth0
#-----------------------------------------------------------------------------#
#-----------------------------------------------------------------------------#
# Argus when not read packet data from a file, will run
# as a persistant process, or daemon. When doing this,
# Argus can store its pid in a file, to aid in managing
# the running daemon.
#
# When configured to generate a pid file, if Argus cannot
# create the pid file, it will fail to run. So this
# variable is available to control whether Argus should
# or should not attempt to create a pid file.
ARGUS_SET_PID=no
#-----------------------------------------------------------------------------#
#-----------------------------------------------------------------------------#
# By default, Argus will put its interface in promiscuous mode
# in order to monitor all the traffic that can be collected.
# This can put an undo load on systems, if the intent is to
# monitor only the network activity of the specific system.
# In this case, you'll want to turn this off.
ARGUS_GO_PROMISCUOUS=yes
#-----------------------------------------------------------------------------#
#-----------------------------------------------------------------------------#
# Argus will periodically report on a flow's activity every
# ARGUS_FLOW_STATUS_INTERVAL seconds, as long as there is
# new activity on the flow. This is so that you can get a
# view into the activity of very long lived flows. The default
# is 60 seconds, but this number may be too low or too high
# depending on the intent.
#
# If Argus is not configured to generate flow start indications,
# which is the default setting, the status report interval is
# the time that will expire before you are notified that a
# flow exists in the network.
ARGUS_FLOW_STATUS_INTERVAL=60
#-----------------------------------------------------------------------------#
#-----------------------------------------------------------------------------#
# Argus will periodically report on a its own health, providing
# interface status, total packet and bytes counts, packet drop
# rates, and flow oriented statistics.
#
# These records can be used as "keep alives" for periods when
# there is no network traffic to be monitored.
ARGUS_GENERATE_START_RECORDS=no
#-----------------------------------------------------------------------------#
#-----------------------------------------------------------------------------#
# Argus is designed to report network flow activity when the
# network transaction/flow is completed, and to periodically
# report on flow activity when the flows are long lived, > 60
# sec. For applications that require immediate notification of
# the beginning of a network flow, Argus can be configured to
# generate flow start records. The default is to not generate
# these records.
ARGUS_GENERATE_RESPONSE_TIME_DATA=no
#-----------------------------------------------------------------------------#
#-----------------------------------------------------------------------------#
# Argus can be configured to generate packet jitter information
# on a per flow basis. The default value is to not generate
# this data.
ARGUS_GENERATE_JITTER_DATA=yes
#-----------------------------------------------------------------------------#
#-----------------------------------------------------------------------------#
# Argus can be configured to not provide MAC addresses in
# it audit data. This is available if MAC address tracking
# and audit is not a requirement.
ARGUS_GENERATE_MAC_DATA=yes
#-----------------------------------------------------------------------------#
#-----------------------------------------------------------------------------#
# Argus uses the packet filter capabilities of libpcap. If
# there is a need to not use the libpcap filter optimizer,
# you can turn it off here. The default is to leave it on.
ARGUS_FILTER_OPTIMIZER=no
#-----------------------------------------------------------------------------#
#-----------------------------------------------------------------------------#
# You can provide a filter expression here, if you like.
# It should be limited to 2K in length. The default is to
# not filter.
#ARGUS_FILTER=""
#-----------------------------------------------------------------------------#
# Argus can be configured to capture a number of user data bytes from the packet
# stream. The default value is to not generate this data.
ARGUS_CAPTURE_DATA_LEN=0
#-----------------------------------------------------------------------------#
# Argus allows you to capture packets in tcpdump() format if the source of
# of the packets if a tcpdump() formatted file or a live packet source.
# Specify the path to the packet capture file here.
#ARGUS_PACKET_CAPTURE_FILE=""
#-----------------------------------------------------------------------------#
# When remote access is enabled (see above), you can specify that Argus
# should bind only to a specific IP address. This is useful, for example,
# in restricting access to the local host, or binding to a private
# interface while capturing from another. The default is to bind to any
# IP address.
#
#ARGUS_BIND_IP="127.0.0.1"
#------------------------------------------------------------------------------#
|