fragments in 2.0.5?

Carter Bullard carter at qosient.com
Tue Apr 23 07:16:29 EDT 2002


Hey Russell,
   After I get 2.0.5 released, which should be this week,
I'll finalize the new argus-clients distribution.  I have
rastrip() already finished, which I believe gets you
closer to your goal.  The only thing I need to add is
2.0 -> 1.8 conversion.

   Rastrip() basically allows you to strip out any DSR
(data specific record) from an argus record.  You can
get rid of it all, leaving just the timestamps if you
want.  The default is to leave the far, which holds
the flow descriptions, and the extended TCP record,
which has the state, flags, seq numbers, etc.
This usually gives you about 60% reduction in size,
but with 2.0 -> 1.8 conversion, you'd get another
30-40%.

   I'll try to have argus-clients-2.0.5.beta.1 out
for testing by the end of next week.

Hope all is well,

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter at qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com
   

> -----Original Message-----
> From: Russell Fulton [mailto:r.fulton at auckland.ac.nz] 
> Sent: Tuesday, April 23, 2002 12:53 AM
> To: carter at qosient.com
> Subject: RE: fragments in 2.0.5?
> 
> 
> On Mon, 2002-04-22 at 22:56, Carter Bullard wrote:
> > 
> > So, ....,  I'll take a look, but have you considered
> > upgrading your argus to 2.x?  What is it that's holding
> > you back?
> 
> In my case the big attraction of 1.8 is its much smaller record.  I use
> 1.8 for long term archiving and 2.0.x for current stuff.  As I have
> noted before it would be neat to have a utility that stripped some of
> the new bulkier stuff out of the 2.0 records after they have been on
> disk for a month and then archived them.
> 
> Last time I brought this up someone pointed me to a format conversion
> but I now can't lay my hands on the message (it's not in the archive so
> it must have been sent just to me, sigh...).
> 
> -- 
> Russell Fulton, Computer and Network Security Officer
> The University of Auckland,  New Zealand
> 
> 
> 


