Multiple argus sensors

John Nagro john.nagro at gmail.com
Mon Jan 31 12:31:05 EST 2005 

Carter,

How does one go about properly setting a source ID for each sensor? i
looked in the config file and couldnt find it.

-John


On Mon, 24 Jan 2005 12:10:13 -0500, Carter Bullard <carter at qosient.com> wrote:
> Hey John,
>    you can have up to 5 remote connections for any ra* program, just
> specify multiple -S options or put multiple servers in the
> .rarc file that you use for your client startup.
> 
>    There are 2 fundamental problems.  Keeping the sources straight,
> so having good source id's for your probes is important, and time
> synchronization, so that the probes are in the same ball park in
> time.
> 
>    All the ra* programs can filter based on srcid, so as long as
> you have good probe id's (different/consistent/same type), then
> you can separate the data as it comes in by probe.
> 
>    The time thing is important to finding records to compare and
> using programs like rasort() can be used to open files from
> different probes and interleaving the records so you
> can make comparisons.
> 
>    Keep the list up on anything that you run into, if you could
> please!!!!!
> 
> Carter
> 
> > From: John Nagro <john.nagro at gmail.com>
> > Reply-To: John Nagro <john.nagro at gmail.com>
> > Date: Thu, 20 Jan 2005 12:47:24 -0500
> > To: <argus-info at lists.andrew.cmu.edu>
> > Subject: [ARGUS] Multiple argus sensors
> >
> > Howdy Folks,
> >
> > A couple questrions concerning the use of multiple argus sensors. I
> > want to monitor more of my network now, not just inbound/outbound to
> > the world, but a lot of internal traffic too. Can one instance of ra
> > listen to multiple sensors? Do the tools understand data-overlap? How
> > will this effect the way i have to manage data to get usefull
> > information from it?
> >
> > Has anyone on the list deployed multiple sensors that work together?
> > What troubles did they run into?
> >
> > (this thread will probably make it into the docs i am working on for
> > the project so the more info the better)
> >
> > -John
> >
> > --
> > John Nagro
> > john.nagro at gmail.com
> >
> 
> 


-- 
John Nagro
john.nagro at gmail.com

More information about the argus mailing list