Argus Testing, an update

Carter Bullard carter at qosient.com
Wed Oct 4 18:42:29 EDT 2000


Gentle People,
We have come to a point in the testing where
we appear to have stability, and the core functionality
seems to be there.  As a result, I believe that the
argus part of Argus-2.0 is now functionally equivalent
to that of Argus-1.8.1.  A great day indeed.

There are a large number of things that have changed
between 1.8 and 2.0.  Multitasking, record buffering,
independent filtering on each output, client specified/
server-side record filtering, Non-IP protocol reporting,
better performance, hopefully more reliable, ;o) just
to name a few.

Argus records have been enhanced to support variable
length records and to provide record source identification,
Argus record loss detection, packet burst timing
information, better ICMP and TCP protocol reporting
support, better aggregation support and we added some
more specific protocol reporting with ESP and Arp.

We have some new clients, and we got rid of a few.  All
clients can read Netflow records and provide Netflow
to Argus conversion.  And we have an argus record aggregator
Ragator, that is very powerful, I hope that we all can
start to look into what this baby can do.  I'm sure that
means that I'll have to provide some documentation ;o)

A lot of stuff in a short period of time!!!!!
I very much appreciate all the effort and work that
everyone has put in.  THANKS!!!

There are some new features in argus() that still need
testing.  Multi interface support is a big one.
Mark P. has done some preliminary testing, and hopefully
he will be able to take a very good look at this feature
soon.  If anyone has multiple interfaces of the same type,
try a couple of "-i interface" options on the same line
to see if it seems like we're doing the right thing.

Other features that I slipped in are support for SLIP, PPP
and ATM interfaces.  If anyone has any of these interface
types that tcpdump can get packets from, testing that we
can capture packets and generate Argus records would be
most welcome and appreciated.  Just saying that we get
something or nothing would be great at this point.

Cisco Netflow record support works well for files, but we
have not tested real-time conversion directly from a Cisco
router.  This is important, and if anyone has access to
a Cisco router that can generate Netflow records, let's
test it out.  Just use the -C (Cisco) option along with
the -S hostname option on ra() to turn it on. (the router
I'm sure needs to be configured to generate the records,
so be sure and do this as well :o)

   ra -CS routerAddr -gnc

should generate half pipe (one side only) argus records.
We receive on port 9995 by default, to change the port
to another number, just use the "-P portnum" option.
I removed the old -C option support, which wanted a
Cisco access control list.  This functionality will be
provided in a separate client.

The next stuff to do is to add User/Application Data
reporting, RTP protocol reporting support, so we
can do Voice over IP transaction reporting, and multicast
protocol reporting.  Walter at CMU is contemplating
our ./configure strategy to make it more flexible and
useful, and there is considerable interest in adding
authentication for the argus access port.

And of course, there are the new clients!  Rapath() is
an example of some of the things we can now do, and Ramon()
is very very interesting, but these are just the first of
what I expect will be a good number of argus data
processing applications.  I hope that we can start the
dialog to describe some key applications that we want to
provide in the 2.0 release.

Still a lot of work to do, but I'm confident that we can have
a late October/early November Argus-2.0 release.

And of course the documentation ;o)

Remember, if you have any comments/opinions/recommendations/
flames/reactions/whatever, please feel free to email/phone/write
or just come on by.

Thanks again for all the help,

Carter


Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 17A
New York, New York  10022

carter at qosient.com
Phone +1 212 813-9426
Fax   +1 212 813-9426