Argus-2.0 Update and ragator()

Mark Poepping poepping at cmu.edu
Thu Aug 31 00:18:47 EDT 2000 

Do you want to remove it all together or replace
it with a cloned OpenSource license..  I'm wonder
if we need to worry about possible fragmentation..
mark.


> -----Original Message-----
> From: owner-argus at lists.andrew.cmu.edu
> [mailto:owner-argus at lists.andrew.cmu.edu]On Behalf Of Carter Bullard
> Sent: Wednesday, August 30, 2000 9:30 AM
> To: Argus (E-mail)
> Subject: Argus-2.0 Update and ragator()
> 
> 
> Gentle People,
>    Argus-2.0 is behaving rather well, and I have working
> ports of ra(), racount(), and rasort().  I will make
> an initial test version available tomorrow.  Its not
> perfect, but its a good time to test things like signal
> handling, file management and basic record accuracy.
> 
> One thing that I haven't mentioned, I've removed the
> copyright restrictions on Argus-2.0, so the whole thing
> will be open source.  Just seems like the right thing
> to do ;o)
> 
> One problem that I won't have solved is legacy Argus
> compatibility for ra(), racount(), and rasort().
> This will come after the holiday, so if you want to
> wait, I can put hold off until next Friday.
> 
> I'm working on a new function ragator() (Ra aggregator)
> which will replace raconnections().  Ragator() is
> the most interesting new thing to come up so far,
> and I'd like to get your opinions on this new
> client and its functions.
> 
> The basic idea is that Argus generates micro-flow
> audit data, or per transaction audit data.  Most
> applications will not need this much information,
> and so to start addressing Argus data management
> I've jumped into the 'data aggregation' fire.
> 
> Throwing away records is not a good solution, at
> least for me, so the idea is to merge or aggregate
> records together for those flows that you just
> don't need per transaction information for.
> 
> As an example.  Pinging can generate a lot of
> Argus data.  Why not compress all the ping data
> together, into one record that also contains the statistics
> you wanted in the first place, like mean transaction
> duration, with standard deviation, along with the a min
> and max, still keeping the packet and byte counts.
> 
> So in an attempt to solve this problem, ragator().
> Ragator() aggregates like Argus Records together.
> Through a configuration file, you specify which Argus
> Records will be aggregated together, how they will
> be aggregated and for how long a period they will be
> aggregated before being reported.  This is going to be
> very cool.
> 
> I've included the configuration file format that I'm
> currently testing with.
> 
> Please take a look at it and if you see a better way,
> please don't hesitate to send suggestions, comments,
> opinions, reactions, flames.
> 
> 
> 
> Carter
> 
> 
> 
> Carter Bullard
> QoSient, LLC
> 300 E. 56th Street, Suite 17A
> New York, New York  10022
> 
> carter at qosient.com
> Phone +1 212 813-9426
> Fax   +1 212 813-9426

More information about the argus mailing list