Argus Operation

Carter Bullard carter at qosient.com
Thu Apr 3 10:56:20 EST 2003


Hey Diego,
   All argus technology is backward compatible, so
you can run any version with any version, no problem.
An earlier client will not see the new data and
features of a newer server, but they will
interoperate.

   You can compress argus data files, and all the
ra* programs know how to uncompress gzip'd and bzip2
file formats on the fly, so many people compress
their data.

   There are tools available to rotate files.
Check out the ./support/Archive directory in the
argus-clients distribution.

   If there is nothing listening when argus generates
a record, it will just drop the record.

   There is a FAQ that has answers to all of
these questions, both online and in the distribution.
Check it out.

Carter







> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu 
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of 
> Carter Bullard
> Sent: Thursday, April 03, 2003 9:54 AM
> To: argus-info at lists.andrew.cmu.edu
> Subject: Argus Operation
> 
> 
> 
> 
> Carter,
> 	I'm considering using Argus in two scenarios. One, the same
> hardware collects and keeps the records and Two, one server collects the
> records and one client connects to the server and receives the records.
> 
> First scenario:
> 	The first scenario has the advantage of requiring one single
> piece of hw. I can log to a file and have ra somehow extract, for
> instance, hourly files, gzip and ftp them to a reporting machine.
> 	Questions:
> 			How can I run both the server and the clients
> separate distributions in a single machine, now that they have different
> versions and presumably different library versions?
> 			Is there a way to somehow rotate Argus files to
> keep them from growing? Alternatively, what would you consider the best
> way to work with Argus files, keeping partial gzip files and maybe a
> small current Argus file?
> 
> Second scenario:
> 	Does argus send flows every time a flow ends and every x seconds
> if it's long lived?
> 	Does the client need to be permanently connected to argus not to
> miss a flow or argus will keep the flows until the next client
> connection?
> 	If the client is not connected, the flow info is missed unless
> it is configured to save to a file?
> 	Is there a way to rotate ra output files? Alternatively, what
> would you consider the best way to work with ra output files, keeping
> partial gzip files and maybe a small current ra file?
> 
> Many thks.
> 
> Diego.
> 
> 
> 
> 
> 





