[ARGUS] Question about ragraph
John Nagro
john.nagro at gmail.com
Thu Jul 1 11:24:32 EDT 2004
Eric,
I'd love some advice. Currently i run argus on a snort sensor of mine.
It works pretty well, but i want to change it so it sends the data off
to another machine that actually does the logging, processing, etc.
How stable is this feature? have you used it yourself?
-John
On Thu, 1 Jul 2004 09:40:46 -0500, eric <eric at catastrophe.net> wrote:
>
> On Thu, 2004-07-01 at 10:22:15 -0400, John Nagro proclaimed...
>
> > I understand. At the moment i dont have time to write docs, i am
> > however trying to test out your software. We run a college of computer
> > science, so you can image we have all sorts of traffic and we have to
> > monitor very fast connections in real-time. Its been interesting but i
> > think i have a decent, stable, setup. When i am done i will post a
> > write up and all my perl/shell code that i used to manage/use/process
> > software/data.
>
> I work for a large University in Chicago; right now we're looking at
> about 400Mbps during low use times of traffic, so if you need any
> pointers to monitoring high-capacity links, let me know.
>
> > I work on lots of projects. I dont mean to sound ungratefull when i
> > ask for docs, its just harder to deploy a system on our scale when it
> > doesnt have a lot of docs.
>
> Indeed. One annoying thing about argus is that there are little docs
> and a few little bugs here and there. Carter is working on them, and
> I'm going to start writing docs now that I've got more time on my
> hands.
>
>
More information about the argus
mailing list