Argus Operation

Carter Bullard carter at qosient.com
Thu Apr 3 09:53:40 EST 2003



Carter,
	I'm considering using Argus in two scenarios. One, the same
hardware collects and keeps the records and Two, one server collects the
records and one client connects to the server and receives the records.

First scenario:
	The first scenario has the advantage of requiring one single
piece of hw. I can log to a file and have ra somehow extract, for
instance, hourly files, gzip and ftp them to a reporting machine.
	Questions:
	How can I run both the server and the clients
separate distributions in a single machine, now that they have different
versions and presumably different library versions?
	Is there a way to somehow rotate Argus files to
keep them from growing? Alternatively, what would you consider the best
way to work with Argus files, keeping partial gzip files and maybe a
small current Argus file?

Second scenario:
	Does argus send flows every time a flow ends and every x seconds
if it's long-lived?
	Does the client need to be permanently connected to argus not to
miss a flow, or will argus keep the flows until the next client
connection?
	If the client is not connected, the flow info is missed unless
it is configured to save to a file?
	Is there a way to rotate ra output files? Alternatively, what
would you consider the best way to work with ra output files, keeping
partial gzip files and maybe a small current ra file?

Many thks.

Diego.






