[ARGUS] argus-2.0.6 released!!!

Carter Bullard carter at qosient.com
Wed May 5 21:35:16 EDT 2004 

Hey Steve,
  Should these be in the man page or in the FAQ, or both?
I'm for brevity, so some examples in the man page to get
one started, but if we put every example in the man page
then it gets too huge (need to have every example?).
That's my opinion, but I do bend to the crowd, so opinions,
attitude, flames, suggestions, reactions, reflections are
all welcome here!!!!!

  I'll hold off adding this to the man page until we get
some responses.

  The FAQ needs work, so why don't we do something with it?

Carter



-----Original Message-----
From: Steve McInerney [mailto:spm at healthinsite.gov.au]
Sent: Wednesday, May 05, 2004 7:30 PM
To: Carter Bullard
Cc: argus-info at lists.andrew.cmu.edu
Subject: Re: [ARGUS] argus-2.0.6 released!!!

Man pages eh?

The below patch is one I've just written up from my recent Q about
finding non-returning TCP connections.

I've also added a quick line at the top in the Description about how
using ragator might be a "Good Thing(tm)".
FWIW, I'm a strong believer in copious examples; so I'd like to dig out
some of the common and not so common regular "queries" we run internally
for submission and add those - if agreeable?

All errors are now Carter's problem ;-)


HTH?


- Steve

applied against: argus-clients-2.0.6/man/man1/ra.1

13c13
< .TH RA 1 "12 November 2000" "ra 2.0"
---
 > .TH RA 1 "06 May 2004" "ra 2.0.6"
17c17
< Copyright (c) 2000-2003 QoSient. All rights reserved.
---
 > Copyright (c) 2000-2004 QoSient. All rights reserved.
35a36,41
 > It is frequently useful to first parse an \fIargus-file\fP through
 > .BR ragator(8)
 > to speed up later ra queries.
 > .BR ragator(8)
 > combines all the records about a given flow into a single record.
 > .LP
527a534,549
 > .LP
 > To report all TCP HTTP transactions from and to host 'narly.wave.com',
 > reading transaction data from \fIargus-file\fP argus.data:
 > .RS
 > .nf
 > \fBra -r argus.data - tcp and port http and host narly.wave.com\fP
 > .fi
 > .RE
 > .LP
 > To report all TCP HTTP transactions to host 'narly.wave.com' that did not
 > receive any returned data, reading transaction data from
\fIargus-file\fP argus.data:
 > .RS
 > .nf
 > \fBra -r argus.data - tcp and port http and syn and not synack and
host narly.wave.com\fP
 > .fi
 > .RE




Carter Bullard wrote:
> Ok, finally 2.0.6 is released, and I have to thank everyone
> that helped to fix the problems, and of course thanks to
> everyone for there amazing patience.   Web site is updated,
> which means that a billion bugs have just been spontaneously
> generated and will emerge from the rocks, but that is of
> course the nature of this beast.
>
> Next step is to work on the clients.  Please take a look at the
> argus-clients-2.0.6.tar.gz so we can beef it up a bit, including
> man pages (I know, ....., even the documentation) and the like.
>
> Hope all is well, and that argus continues to be helpful!!!!
>
> Carter
>
>
>

More information about the argus mailing list