Argus-info Digest, Vol 13, Issue 16
CS Lee
geek00l at gmail.com
Thu Sep 21 02:26:12 EDT 2006
Richard,
Regarding argus and sguil, I think most properly sguil doesn't have to be
able to eat netflow data since argus can take it. However, seriously, we need
to know how argus can work well with sguil because the analysis on sancp in
sguil can be done via mysql query, but I think argus relies more on its
client to filter all sorts of useful data to accommodate with the alert data.
My 5 cents.
On 9/20/06, argus-info-request at lists.andrew.cmu.edu <
argus-info-request at lists.andrew.cmu.edu> wrote:
>
> Today's Topics:
>
> 1. Re: minor compile issue on rc29 (carter at qosient.com)
> 2. Re: minor compile issue on rc29 (Andreas Östling)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 19 Sep 2006 11:42:36 +0000
> From: carter at qosient.com
> Subject: Re: [ARGUS] minor compile issue on rc29
> To: " Andreas Östling " <andreaso at it.su.se>, "Argus"
> <argus-info at lists.andrew.cmu.edu>
> Message-ID:
> <
> 536528474-1158666299-cardhu_blackberry.rim.net-29996467- at bwe044-cell00.bisx.prod.on.blackberry
> >
>
> Content-Type: text/plain; charset="Windows-1252"
>
> Is this true of all OpenBSD's? I thought we cleared this up 2-3 months
> ago!!!
>
> Carter
>
> Carter Bullard
> QoSient LLC
> 150 E. 57th Street Suite 12D
> New York, New York 10022
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax
>
> -----Original Message-----
> From: Andreas Östling <andreaso at it.su.se>
> Date: Tue, 19 Sep 2006 12:59:16
> To:argus-info at lists.andrew.cmu.edu
> Subject: [ARGUS] minor compile issue on rc29
>
>
> I get this error when compiling argus-rc29 on OpenBSD 3.9:
>
> argus_util.c:2141: error: conflicting types for `ether_hostton'
> /usr/include/netinet/if_ether.h:304: error: previous declaration of
> `ether_hostton'
>
> OpenBSD (at least 3.9) uses const char *, struct ether_addr * so simply
> removing the conflicting __OpenBSD__ hook will make it work again.
>
> --- argus_util.c.org Tue Sep 19 12:51:06 2006
> +++ argus_util.c Tue Sep 19 12:51:29 2006
> @@ -2137,11 +2137,7 @@
> };
> #endif
> #if !defined(__APPLE_CC__) && !defined(__APPLE__)
> -#if defined(__OpenBSD__)
> -extern int ether_hostton(char *, struct ether_addr *);
> -#else
> extern int ether_hostton(const char *, struct ether_addr *);
> -#endif
> #endif
> #endif
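
Review bot: The surviving `extern int ether_hostton(const char *, struct ether_addr *);` line, left in place after the removed `__OpenBSD__` branch, still hand-copies a system prototype, so the same "conflicting types" error will return on any system whose `<netinet/if_ether.h>` declares the first argument as `char *`. The compile error quoted above shows the header already supplies a declaration at if_ether.h:304, which makes the local `extern` redundant on OpenBSD. Consider excluding OpenBSD from the redeclaration altogether, for example by extending the `#if !defined(__APPLE_CC__) && !defined(__APPLE__)` guard with `&& !defined(__OpenBSD__)`, or detecting the prototype at configure time, rather than tracking one release's signature by hand.
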
>
>
> /Andreas
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 19 Sep 2006 14:12:53 +0200 (CEST)
> From: Andreas Östling <andreaso at it.su.se>
> Subject: Re: [ARGUS] minor compile issue on rc29
> To: carter at qosient.com
> Cc: Argus <argus-info at lists.andrew.cmu.edu>
> Message-ID: <Pine.BSO.4.64.0609191355530.4029 at nitzer.it.su.se>
> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
>
>
> On Tue, 19 Sep 2006, carter at qosient.com wrote:
>
> > Is this true of all OpenBSD's? I thought we cleared this up 2-3 months
> > ago!!!
> >
> > Carter
>
> I now see you probably changed this after the
> "racluster and TopN" thread recently (previous RCs compiled fine here)
> where the same/reversed problem was reported.
>
> Here is the answer:
>
> http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/if_ether.h.diff?r1=1.34&r2=1.35&f=h
>
> I.e. the OpenBSD folks changed it in early 2005, which implies the
> bug reporter uses some old OS version. 3.8 and 3.9 are currently the
> only versions that are officially supported so I personally don't think
> we should care much about other versions.
>
> /Andreas
>
>
> ------------------------------
>
>
> End of Argus-info Digest, Vol 13, Issue 16
> ******************************************
>
--
Best Regards,
CS Lee<geekooL[at]gmail.com>