Hi folks,

I am looking for some tips on how to best use larger blacklists with NfSen. The
blacklists are created from external IP address information and stored in
text files as filters (for example, nfsen/var/filters/myfilter, which contains
the line "host in [10.1.1.1 10.1.1.2 10.1.1.3]"). Also, I am using similar
file-based filters for defining some channels in my profiles. Most of my filters
are automatically updated, and some of the files have grown larger than 128KB
over time. Unfortunately, this has created the following problem -- whenever one
executes a query from the NfSen web GUI with such a filter (or runs a query for a
channel that is defined with such a filter), the following error message is
displayed:

ERROR: nfsend: nfdump run error: Argument list too long!

The reason for this message is apparently the following -- although the filter
is defined in a file, NfSen passes it to nfdump as a single command line
parameter. However, with recent Linux kernels the maximum length of the command
line parameter appears to be 128KB (for example, see the discussion at
http://unix.stackexchange.com/questions/120642/what-defines-the-maximum-size-for-a-command-single-argument).
This problem can be easily avoided by passing the filter to nfdump not on the
command line, but rather by providing the path to the filter file with the -f
option (when invoking nfdump manually with -f for large filter files, everything
works without issues).

My question is the following -- can NfSen be reconfigured somehow to take the
filter definition from a file via the -f command line option?

kind regards,
risto
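
The workaround described in the message, as an added example that is not part of the original post and is not NfSen or nfdump code: a Python helper that builds the "host in [...]" filter from untrusted blacklist lines and switches to nfdump's -f option once the filter would exceed the 128KB single-argument limit. The function names, the temporary file prefix and the flow file name are assumptions made for illustration.

```python
import ipaddress
import os
import tempfile

# Single-argument limit quoted in the post (128KB); an assumed constant here.
MAX_SINGLE_ARG = 128 * 1024


def build_filter(addresses):
    """Return an nfdump 'host in [...]' filter from untrusted address strings.

    Anything that is not a plain IPv4 address is dropped, so a malformed
    blacklist entry cannot smuggle extra filter syntax into the expression.
    """
    valid = set()
    for raw in addresses:
        try:
            valid.add(ipaddress.IPv4Address(raw.strip()))
        except ValueError:
            continue
    if not valid:
        raise ValueError("no valid addresses in blacklist")
    return "host in [" + " ".join(str(ip) for ip in sorted(valid)) + "]"


def nfdump_argv(filter_text, flow_file, filter_dir):
    """Build an nfdump argument list, using -f when the filter is too long.

    The kernel counts the terminating NUL byte of each argument, hence the +1.
    The caller removes the returned filter file after nfdump has finished.
    """
    argv = ["nfdump", "-r", flow_file]
    if len(filter_text.encode()) + 1 <= MAX_SINGLE_ARG:
        return argv + [filter_text]
    # mkstemp creates the file with mode 0600 under an unpredictable name.
    fd, path = tempfile.mkstemp(prefix="nfdump-filter-", dir=filter_dir, text=True)
    with os.fdopen(fd, "w") as handle:
        handle.write(filter_text + "\n")
    return argv + ["-f", path]
```

Pass the returned list to subprocess.run without a shell, so the filter text is never re-parsed by /bin/sh.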

