ra (or equivalent) in daemon mode?

Carter Bullard carter at qosient.com
Fri Jun 20 20:17:39 EDT 2003


Hey Peter,
   You can run argus without writing to disk, by putting a listen
down for a remote ra() to access the data, using the
ARGUS_ACCESS_PORT configuration variable (or -P on the command
line). The ra call would just be:

   ra -S remoteArgus:portnum -w ra.out 

You need the portnum if you're using something other than
the default 561.  Putting that in a script so that it
just spawns again if the ra goes away works pretty well.
Using this strategy, you can run argus archive against
the ra.out output file, and ra will just recreate the
file on the next record, so that works well.

I can offer to change ra so that it bypasses
the record copies that it does in order to support
filtering, if there isn't a filter and you're writing the
output to a file.  That would make it really efficient,
as it would be simply checking the record framing on
each record.  You will need that in order to jerk the
file out from underneath ra().

Carter


> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu 
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of 
> Peter Van Epp
> Sent: Friday, June 20, 2003 5:58 PM
> To: argus-info at lists.andrew.cmu.edu
> Subject: ra (or equivalent) in daemon mode?
> 
> 
> 	Before I look at possibly reinventing the wheel, was there any
> resolution to the question of how to have argus on one box writing only
> to a socket and ra (or something else since ra seems overkill) on another
> box that listens on the socket and writes the data to disk? Basically what
> I'm after is argus_linux spread across two machines. One collecting /
> processing (but doing no disk I/O) and the other one writing the data to
> disk and being rotated by argus archive (and possibly running ra against
> the data in the archive). Linux is up and listening to a fdx link on a pair
> of bonded 3c905Bs (and currently writing to disk on the same machine) now I
> need to move the disk I/O to another machine in preparation for changing to
> Gig.
> 
> Peter Van Epp / Operations and Technical Support 
> Simon Fraser University, Burnaby, B.C. Canada
> 
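
A respawn wrapper of the kind the reply describes, as an added example that is not from the original post or the argus distribution. Only the ra call (-S host:port -w file) and the default port 561 come from the message; every variable name, the backoff policy and the "run" argument are assumptions made here so that a dropped connection leaves the shortest possible gap in the flow records without hammering an unreachable sensor.

```sh
#!/bin/sh
# Added example: respawn wrapper for the ra collector described in the message.
# Hypothetical names (not part of argus): the variables below, next_delay,
# supervise_ra.
ARGUS_HOST="${ARGUS_HOST:-remoteArgus}"  # placeholder host from the message
ARGUS_PORT="${ARGUS_PORT:-561}"          # default port per the message
RA_OUT="${RA_OUT:-ra.out}"               # file that argus archive rotates
RA_BIN="${RA_BIN:-ra}"
MIN_DELAY="${MIN_DELAY:-1}"              # seconds before the first respawn
MAX_DELAY="${MAX_DELAY:-60}"             # cap, so a dead sensor is not hammered
STABLE_SECS="${STABLE_SECS:-300}"        # a run this long resets the backoff
MAX_RUNS="${MAX_RUNS:-0}"                # 0 = respawn forever
RUNS=0                                   # number of times ra has been started

# next_delay CURRENT CAP: double the delay, never exceeding CAP.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$2" ]; then d=$2; fi
    echo "$d"
}

# Run ra, and start it again whenever it exits, for any reason.
supervise_ra() {
    delay=$MIN_DELAY
    RUNS=0
    while :; do
        started=$(date +%s)
        status=0
        "$RA_BIN" -S "$ARGUS_HOST:$ARGUS_PORT" -w "$RA_OUT" || status=$?
        RUNS=$(( RUNS + 1 ))
        ran=$(( $(date +%s) - started ))
        echo "$(date) ra exited status=$status after ${ran}s (run $RUNS)" >&2
        if [ "$MAX_RUNS" -gt 0 ] && [ "$RUNS" -ge "$MAX_RUNS" ]; then
            return 0
        fi
        # Long-lived run: reconnect quickly. Instant failure: keep backing off.
        if [ "$ran" -ge "$STABLE_SECS" ]; then
            delay=$MIN_DELAY
        fi
        sleep "$delay"
        delay=$(next_delay "$delay" "$MAX_DELAY")
    done
}

# Start only when asked, e.g.: sh keep-ra.sh run
case "${1:-}" in
    run) supervise_ra ;;
esac
```

The exit lines written to stderr give a timestamp for each gap, which is what to check against the archive when records for a period appear to be missing.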




