Graph of the Week at http://qosient.com/argus

Russell Fulton r.fulton at auckland.ac.nz
Sun Sep 17 17:19:56 EDT 2006



Richard Bejtlich wrote:

> 
> Two, we're not sure how best to accommodate Argus' record creation
> model, where data is written to a non-text format with potentially
> multiple records for the same session.  Do we let Argus write records,
> run ra against them, output to a text file, and then parse the results
> for insertion into the database?  Or do we avoid a db entirely and
> have Sguil invoke ra against Argus records?

I suspect the best way to do this is to write a new client using ra as a
model which includes some features of ragator/racluster to handle the
multiple records.  Argus clients are relatively straightforward once
you get your head around the way they work.  The new client could either
be callable from C or run from the command line.

Russell
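
The text-export route raised in the quoted question, with the multiple-records-per-session problem handled before insertion, as an added example that is not part of the original thread and is not Argus or Sguil code. The column order, the sample lines, the 5-tuple merge rule and the table layout are all assumptions made for illustration.

```python
import csv
import io
import sqlite3

# Assumed column order for an exported text file; this is NOT real ra output.
FIELDS = ["first", "last", "proto", "saddr", "sport", "daddr", "dport", "pkts", "bytes"]

# Constructed sample: two status records for one TCP session, one UDP record.
SAMPLE = """\
1158527996.10,1158528056.10,tcp,192.0.2.10,40112,198.51.100.5,22,120,18000
1158528056.10,1158528116.10,tcp,192.0.2.10,40112,198.51.100.5,22,80,9000
1158528000.50,1158528001.00,udp,192.0.2.11,5353,198.51.100.9,53,2,180
"""

def merge_records(text):
    """Collapse several records for one session into one row.

    Assumption: a session is identified by its 5-tuple, so a later
    connection reusing the same tuple is folded into the same row.
    """
    sessions = {}
    for row in csv.DictReader(io.StringIO(text), fieldnames=FIELDS):
        key = (row["proto"], row["saddr"], int(row["sport"]),
               row["daddr"], int(row["dport"]))
        first, last = float(row["first"]), float(row["last"])
        pkts, nbytes = int(row["pkts"]), int(row["bytes"])
        if key not in sessions:
            sessions[key] = [first, last, pkts, nbytes]
        else:
            s = sessions[key]
            s[0] = min(s[0], first)   # earliest start seen
            s[1] = max(s[1], last)    # latest end seen
            s[2] += pkts              # counters are summed across records
            s[3] += nbytes
    return sessions

def load(conn, sessions):
    """Insert merged sessions using bound parameters (no string building)."""
    conn.execute("""CREATE TABLE IF NOT EXISTS flow_session (
        proto TEXT, saddr TEXT, sport INTEGER, daddr TEXT, dport INTEGER,
        first_seen REAL, last_seen REAL, pkts INTEGER, bytes INTEGER,
        PRIMARY KEY (proto, saddr, sport, daddr, dport))""")
    conn.executemany(
        "INSERT OR REPLACE INTO flow_session VALUES (?,?,?,?,?,?,?,?,?)",
        [key + tuple(vals) for key, vals in sessions.items()])
    conn.commit()
```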