Argus Database.

Russell Fulton r.fulton at auckland.ac.nz
Sat Mar 12 15:13:13 EST 2005


On Sat, 2005-03-12 at 17:07 +1100, Chris Keladis wrote:
> Snort employs a high-speed outfile format called unified output, which 
> is read by a post-processor, and using checkpoints, writes the data into 
> the RDBMS, leaving Snort free to handle the task of performing IDS.
> 
> Perhaps a similar tool would be useful with Argus?

The argus equivalent of 'unified' output is the plain old argus log file
which is extremely efficient to read and write.

So what is missing is an 'rasql' which will read argus input and perform
inserts on a database.

I doubt if one would want to store all the data in an argus record in
the database -- what ra prints by default would do just about all I
would want.  As Mark says, it is very much a matter of what you want to
do with the data that should govern what you collect and keep.

Russell
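As an added illustration of the 'rasql' idea discussed above (this is not code from the argus project or from anyone in the thread), the sketch below takes text in the layout that ra prints by default, keeps only those columns, batch-inserts them into an RDBMS (SQLite, so it runs offline), and records a checkpoint in the same transaction as the rows so that a restart does not re-insert what was already written, in the spirit of the Snort unified post-processor. The sample lines are constructed, and the column layout (StartTime Flgs Proto SrcAddr.Sport Dir DstAddr.Dport TotPkts TotBytes State, IPv4 address and port joined by a dot) is an assumption about ra's default output rather than text copied from any argus release.

```python
"""Sketch of an 'rasql' loader: read the text that ra(1) prints by default,
keep just those columns, batch-insert them into SQLite, and checkpoint
progress so a restart does not duplicate rows already written."""
import sqlite3

# Constructed sample in the layout of ra's default printout. The column set
# (StartTime Flgs Proto SrcAddr.Sport Dir DstAddr.Dport TotPkts TotBytes State)
# is an assumption about that layout, not output copied from any argus release.
# The third line has a blank Flgs column, as ra leaves it when no flag applies.
RA_SAMPLE = """\
         StartTime  Flgs  Proto          SrcAddr.Sport  Dir         DstAddr.Dport  TotPkts  TotBytes State
   13:01:02.123456     e    tcp       192.0.2.10.51022   ->       198.51.100.5.80       12      8421   FIN
   13:01:03.000010     e    udp       192.0.2.11.53201   ->      198.51.100.53.53        2       302   CON
   13:01:04.500000         icmp            192.0.2.12   ->          198.51.100.5        1        98   ECO
""".splitlines()

SCHEMA = """
CREATE TABLE IF NOT EXISTS flows (
    id         INTEGER PRIMARY KEY,
    start_time TEXT    NOT NULL,
    flags      TEXT,
    proto      TEXT    NOT NULL,
    src_addr   TEXT    NOT NULL,
    src_port   INTEGER,
    dir        TEXT,
    dst_addr   TEXT    NOT NULL,
    dst_port   INTEGER,
    tot_pkts   INTEGER NOT NULL,
    tot_bytes  INTEGER NOT NULL,
    state      TEXT);
CREATE TABLE IF NOT EXISTS checkpoint (
    source     TEXT PRIMARY KEY,
    lines_done INTEGER NOT NULL);
"""

INSERT = ("INSERT INTO flows (start_time, flags, proto, src_addr, src_port, dir, "
          "dst_addr, dst_port, tot_pkts, tot_bytes, state) VALUES (?,?,?,?,?,?,?,?,?,?,?)")


def split_addr_port(token):
    """ra joins IPv4 address and port with a dot ('192.0.2.10.51022').
    Only split when there are exactly five dotted parts, so a bare address
    such as an ICMP endpoint is left intact. IPv4 only (assumption)."""
    parts = token.split(".")
    if len(parts) == 5 and parts[-1].isdigit():
        return ".".join(parts[:4]), int(parts[-1])
    return token, None


def parse_ra_line(line):
    """Return a tuple matching INSERT, or None for the header / unparseable lines."""
    fields = line.split()
    if len(fields) == 8:          # Flgs column printed blank: re-insert it
        fields.insert(1, "")
    if len(fields) != 9:
        return None
    start, flags, proto, src, direction, dst, pkts, nbytes, state = fields
    if not (pkts.isdigit() and nbytes.isdigit()):
        return None               # the column-header line lands here
    src_addr, src_port = split_addr_port(src)
    dst_addr, dst_port = split_addr_port(dst)
    return (start, flags, proto, src_addr, src_port, direction,
            dst_addr, dst_port, int(pkts), int(nbytes), state)


def load(conn, source, lines, batch=100):
    """Insert records from `lines` in batches, resuming from the stored
    checkpoint for `source`. Returns the number of rows inserted this run."""
    conn.executescript(SCHEMA)
    row = conn.execute("SELECT lines_done FROM checkpoint WHERE source = ?",
                       (source,)).fetchone()
    done = row[0] if row else 0
    pending, inserted, lineno = [], 0, done

    def flush():
        nonlocal pending, inserted
        conn.executemany(INSERT, pending)
        inserted += len(pending)
        pending = []
        # Rows and checkpoint commit together, so a crash leaves them consistent.
        conn.execute("INSERT OR REPLACE INTO checkpoint VALUES (?, ?)", (source, lineno))
        conn.commit()

    for lineno, line in enumerate(lines, 1):
        if lineno <= done:
            continue              # already loaded on an earlier run
        rec = parse_ra_line(line)
        if rec is not None:
            pending.append(rec)
        if len(pending) >= batch:
            flush()
    flush()
    return inserted


def top_talkers(conn, n=3):
    """The kind of question the reduced table is meant to answer."""
    return conn.execute("SELECT src_addr, SUM(tot_bytes) AS b FROM flows "
                        "GROUP BY src_addr ORDER BY b DESC LIMIT ?", (n,)).fetchall()


def demo():
    """Load the sample twice into an in-memory DB; the second load is a no-op."""
    db = sqlite3.connect(":memory:")
    first = load(db, "ra-sample", RA_SAMPLE)
    second = load(db, "ra-sample", RA_SAMPLE)
    return first, second, top_talkers(db)


if __name__ == "__main__":
    print(demo())
```

The checkpoint is the line count of the input consumed so far, which is enough for a plain file that ra writes once; for a live pipe one would checkpoint on the record's own start time or a sequence number instead, and the batch size would be tuned to the database's transaction cost.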