latest argus?

Peter Van Epp vanepp at sfu.ca
Wed Mar 8 22:21:21 EST 2006


On Wed, Mar 08, 2006 at 05:08:49PM -0800, Peter Moody wrote:
> ok, you're right. checking the time stamps on the fixes.1.tar.gz,
> that's from May of 04.  What I was referring to was an email you sent
> with a link to those files.  that was the first time I'd seen that dev
> site.
> 
> so, the "current" is two years of patches maintained on a mailing
> list?  With options becoming incompatible/obsolete between patches? 
> Is that right?
> 
> -Peter
> 

	Well, that's one way of looking at it I suppose :-). Another way of 
looking at it is that it is an open source project that gets support when
time is available between paying the bills. I know of a couple of commercial
"equivalents" to argus (for some value of equivalent) and Carter sells a 
commercial version of argus (which along with consulting, pays his bills I 
believe) so I for one am grateful for the open source version but there are
options.
	I'm still running argus in production (and using it to fight off 
commercial IPS/IDS vendors quite successfully :-)) after around 10 years or so. 
	It's not so much that the options are changing, it's more (and I'm as 
guilty as anyone) that we haven't been updating the man pages to match the 
code. Sometimes the cli options aren't exactly the same as the config file 
ones which is why I added -nnn to the cli, to suppress all translations (which 
can be done from the config file but didn't used to be from the cli). Most of 
the patches are in the clients which are mostly an example on how to write your 
own (which I tend to do in perl rather than C :-)). Only a couple are in argus 
itself and have mostly been bugs found while running on production networks of 
various kinds. Mine has certainly caused a number of cores over the years which 
typically I fix and supply the patch (and sometimes have had to wait for 
Carter to get time to be able to see where the problem is) which Carter then 
puts in to the next release candidate and we all gain. 
	I expect most all the patches I'm accumulating are already in the code 
base, it's mostly to make sure nothing got missed and make it easier to get as 
current as possible before a new release (which may take some time, I hadn't 
realized it was 2 years until I looked at the date stamp on fixes.1 for 
instance) that I'm collecting them. Slowly of course :-). Once I get the 
patches done then I'll put out a new version of my traffic collecting perl 
scripts as well.
	The printing patch came about as a result of someone I know using argus
asking why he couldn't print out all the fields at once. I'd never needed to 
do that and thus hadn't tried (the parts I use worked fine already). When I
pulled on that string I found a bunch of things that worked less than optimally
(at least in my view, Carter may disagree :-)) and a seg fault which was making
the full print out not work so I fixed them because I can :-). I may have in 
fact broken a bunch of other things while doing so. 
	I asked about the newer version of argus because you aren't the first
person to mention it and I wanted to make sure I hadn't missed a new version
somewhere I wasn't looking (patching against an old version is silly :-)).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada


