argus-3.0 status - looking much better

Robin Gruyters r.gruyters at yirdis.nl
Mon Jun 19 03:41:30 EDT 2006 

Hello Carter,

Here are my (open) issues with argus-clients 3.0:

- racount with option -a not working:
   I still get a "filter syntax error" when using the -a option.

- ragraph not working:
   When executing the following command "ragraph bytes dport -M 5m -r  
/data1/argus/argus.radium-20060619" I get the following message:
   /usr/local/bin/ragraph: unable to update  
`/var/tmp/tmp.0.ak23NK.rrd': Not enough arguments

racluster and ratop works fine.

Also noticed that the timestamp has changed with argus 3.0. Before  
with argus* 2.0.6 it shows you the date and time, but now I only see  
the time.

[argus 2.0.6]
19 Jun 06 09:33:09           icmp   82.148.219.XX   ->  XX.XXX.XXX.XXX  
  3        210          URP
[end argus 2.0.6]

[argus 3.0.0.rc.*]
09:36:46.238770            icmp       XXX.XXX.X.XX 7         ->         
    10.8.0.2 113           1         98   ECR
[end argus 3.0.0.rc.*]

That is it. (for the moment)

Regards,

Robin Gruyters
Network and Security Engineer
Yirdis B.V.
I: http://yirdis.com
P: +31 (0)36 5300394
F: +31 (0)36 5489119

Quoting Carter Bullard <carter at qosient.com>:

> Gentle people,
> Argus-3.0 is getting close to being compilable on all supported platforms
> hopefully without warnings out of the box.   The next step will be   
> to validate
> that we've got good 2.0 -> 3.0 backward compatibility, which so far, looks
> very good.   By compatibility, we should be able to read argus-2.0 data, and
> we should get the same results, (with a few minor exceptions).
>
> Currently, if you read 2.0 data and convert it to 3.0 format (which all the
> programs will do), you will get smaller files, as we are being much more
> efficient with how we represent data structures and values.   Possibly up
> to 20% reduction.
>
> So far, all the clients should be working with both 2.0 and 3.0 data.
> Of particular interest should be ratop() as there are huge improvements
> on its function, etc....   ragraph() is also much better, and hopefully
> some people, will run it  and give some comments.
>
> Default behaviors should be the same, so if we need to change the
> default printing behavior of ra* programs, or we need to change a
> column width, or whatever, getting that addressed would be great.
> All I need is a note saying this is inconsistent, etc.....
>
> After this step, its on to documentation (which I'll start patching on
> monday with the suggested man patches to date), especially
> the documentation for the new programs, racluster() and rasplit().
>
> Thanks for all the efforts, and looks like we're on our way to an
> official release maybe in the next few weeks!!!!!!
>
> Hope all is excellent,
>
> Carter

More information about the argus mailing list