new argus release update

Carter Bullard carter at qosient.com
Fri Feb 13 14:34:38 EST 2004


Hey John,
   I just finished the port, and all of my windows machines
are very low demand workstations, and an exchange server
handling one email account, so I have no idea where it will
top out.

   The key to the argus port on windows is winpcap running
on cygwin, so if it's any good, then argus should do well
enough to monitor a 100MB link, without too much trouble,
but that is only a guess.  I have a native windows argus
that does 100Mbps no problem, but it is a 1.8 version,
and not suitable for open source.  Interesting thing
about that argus was it was written in C++, hard wired
to a WinDis driver, and it cooked pretty well.

   After I get argus-2.0.6 out, I'll put the 2.0.7.alpha.1
code base up and we can figure it out.

Carter



-----Original Message-----
From: Lauro, John [mailto:jlauro at umflint.edu]
Sent: Friday, February 13, 2004 1:42 PM
To: carter at qosient.com; argus-info at lists.andrew.cmu.edu
Subject: RE: new argus release update

What kind of load can windows + argus handle without missing any
flows? Any stress testing with it and ISA, or even just plain routing
on 100mb or faster interfaces?

Argus+Linux works well on our linux firewall, but generally, to me
cygwin apps always seemed to run slower than running the same app
under linux.  (probably due more to library thunking with fork, and
other costly things to do in windows compared to linux.)  I wonder how
hard it would be to make it work with Microsoft's SFU 3.5 (free now,
and it even comes with gcc).  SFU 3.5 seems a little faster than
cygwin.  (note: haven't actually compared identical apps on identical
hardware and was old version of cygwin, etc...  So don't trust this
comparison).



> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of
> Carter Bullard
> Sent: Friday, February 13, 2004 12:52 PM
> To: argus-info at lists.andrew.cmu.edu
> Subject: new argus release update
>
>
> Gentle people,
>   There is one outstanding bug that I'm fixing this weekend
> which will allow me to release argus-2.0.6, which is an
> alignment problem on Solaris.  Other than that argus is good
> to go. I should send out announcements late Monday, at least
> that is the plan.
>
>    I have argus running under Windows now, using Cygwin and
> WinPcap, and that is the planned addition for argus-2.0.7.
> Works very well as a service for all my XP and Server
> machines, so hopefully some of you will find it useful.
>
>    Well that's the current status.  We still need to get
> something going for the email archive.  Now that we have mbox
> formats for most of it, it should be hard, just need to find
> out where, and what kind of front ends are available.  Again
> any input here would be great!!!
>
> Carter
>
>
>
>
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of
> Andrew Pollock
> Sent: Tuesday, February 10, 2004 8:47 PM
> To: argus-info at lists.andrew.cmu.edu
> Subject: Timeranges
>
> Hi,
>
> Can anyone give me a clue as to how to specify a timerange of
> the first and last 12 hours of a given day?
>
> I currently split my Argus logs on a 24 hour day basis,
> however they're now too large to fit on a CD bzipped, so I'm
> going to have to split them on a 12 hour basis :-(
>
> Andrew
>
>
>
>





