Giving a talk on Argus...
Russell Fulton
R.FULTON at auckland.ac.nz
Sun Feb 3 21:05:21 EST 2002
Hi All,
AusCERT have prevailed on me to give a talk at the security conference
they are organizing in May. They initially asked me to talk about scans
but I decided that everyone knows about scans but not everyone knows
about Argus so I would take the oportunity to try and raise the profile
of our favourite tool. The talk will focus on the practical reasons for
running argus and how it complements things like
NIDS.
One of the things I want to emphasise us is that Argus is being used at
some major sites with large feeds. I.e. this is not some 'nice
theoretical idea', it really is being used to monitor some heavily used
links. (Auckland does not really count ;-) with a meer 7 Mbps...).
So I would appreciate some brief summaries with the following
information:
1/ type of link being monitored (OC3, gigabit ethernet etc)
2/ peak volumes in Mbps (aprox averaged over 5 minutes)
3/ brief description of hardware used including amount of Disk and
Memory
4/ how long do you keep logs (on disk and archived).
5/ daily log volume (compressed).
6/ how long have you been using argus.
Along with a statement as to whether you want the information made
anonymous.
Much of the material will be similar to Peter's ;login article and I
will include a reference to it in my slides. I will, of course, include
pointers to www.qosient.com -- and other online resources I should
mention.
Lastly anyone have any argus related funny stories that I can use to
keep people awake?
scp
--
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand
More information about the argus
mailing list