Argus-info Digest, Vol 18, Issue 12

CS Lee geek00l at gmail.com
Mon Feb 12 21:37:46 EST 2007 

Carter,

Yup, radump should be needed or else making full use of ragrep is kinda
tricky. Anyway I'm back again to test out argus after some idle periods.

Gentoo and bsd will be my main testing platforms, hopefully it helps.

Cheers.

On 2/13/07, argus-info-request at lists.andrew.cmu.edu <
argus-info-request at lists.andrew.cmu.edu> wrote:
>
> Send Argus-info mailing list submissions to
>         argus-info at lists.andrew.cmu.edu
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.andrew.cmu.edu/mailman/listinfo/argus-info
> or, via email, send a message with subject or body 'help' to
>         argus-info-request at lists.andrew.cmu.edu
>
> You can reach the person managing the list at
>         argus-info-owner at lists.andrew.cmu.edu
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Argus-info digest..."
>
>
> Today's Topics:
>
>    1.  argus-3.0 client program list (Carter Bullard)
>    2. Re:  Expanding the width of columns in ra output
>       (specifically     the hostname column) (John Wade)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 11 Feb 2007 19:36:05 -0500
> From: Carter Bullard <CARTER at QOSIENT.COM>
> Subject: [ARGUS] argus-3.0 client program list
> To: Argus <argus-info at lists.andrew.cmu.edu>
> Message-ID: <2D994F5D-D20B-4983-89F4-A83E88C5AF25 at QOSIENT.COM>
> Content-Type: text/plain; charset="us-ascii"
>
> Gentle people,
> I am finishing up the list of client programs that will be in the
> distribution
> when we release.  Below is the list of existing clients in the
> argus-2.0 client
> distribution:
>
> -rwxrwxr-x    1 argus      661055 Oct 20 13:48 ra
> -rwxrwxr-x    1 argus      654955 Oct 20 13:48 racount
> -rwxrwxr-x    1 argus      663342 Oct 20 13:48 ragator
> -rwxr-xr-x    1 argus       24327 Jul 17  2006 ragraph
> -rwxrwxr-x    1 argus      780599 Jul 17  2006 ragrep
> -rwxrwxr-x    1 argus      698026 Oct 20 13:48 rahistogram
> -rwxrwxr-x    1 argus      655706 Oct 20 13:48 rahosts
> -rwxrwxr-x    1 argus      670595 Oct 20 13:48 ramon
> -rwxrwxr-x    1 argus      686178 Oct 20 13:48 ranonymize
> -rwxrwxr-x    1 argus      665621 Oct 20 13:48 rapath
> -rwxrwxr-x    1 argus      664373 Oct 20 13:48 rapolicy
> -rwxrwxr-x    1 argus      659597 Oct 20 13:48 rarpwatch
> -rwxrwxr-x    1 argus      653375 Oct 20 13:48 raseq
> -rwxrwxr-x    1 argus      652513 Oct 20 13:48 rasort
> -rwxrwxr-x    1 argus      667764 Oct 20 13:48 rasrvstats
> -rwxrwxr-x    1 argus      654483 Oct 20 13:48 rastrip
> -rwxrwxr-x    1 argus      705736 Oct 20 13:48 ratop
> -rwxrwxr-x    1 argus      673317 Oct 20 13:48 raxml
>
> I am proposing to modify the list, and to add a few new
> example programs.  The clients in the current
> argus-3.0 release is/are:
>
> -rwxr-xr-x   1 carter  1209780 Feb 11 18:56 ra
> -rwxr-xr-x   1 carter  1231084 Feb 11 18:56 rabins
> -rwxr-xr-x   1 carter  1218476 Feb 11 18:56 racluster
> -rwxr-xr-x   1 carter  1224324 Feb 11 18:56 racount
> -r-xr-xr-x   1 carter    46641 Feb 11 18:56 ragraph
> -rwxr-xr-x   1 carter  1399344 Feb 11 18:56 ragrep
> -rwxr-xr-x   1 carter  1210300 Feb 11 18:56 rahisto
> -rwxr-xr-x   1 carter  1314348 Feb 11 18:56 ramatrix
> -rwxr-xr-x   1 carter  1215876 Feb 11 18:56 rapolicy
> -rwxr-xr-x   1 carter  1209784 Feb 11 18:56 rasort
> -rwxr-xr-x   1 carter  1217504 Feb 11 18:56 rasplit
> -rwxr-xr-x   1 carter  1205916 Feb 11 18:56 rastrip
> -rwxr-xr-x   1 carter  1307200 Feb 11 18:56 ratop
>
> ragator() and ramon() have been replaced with racluster().
> rahistogram() has been replaced with rahisto().
> rahosts() as a C program is being replaced with racluster(),.
>     and a rahosts.pl perl example is being added that provides
>     a different type of address reporting.
>
> The missing programs and their status are:
>     ranonymize() - this program is being ported even now as I type.
>     rapath() - this program will be ported this week.
>     rarpwatch() - this will be in the distribution.
>     raseq() - dropped.
>     rasrvstats() - dropped (will be added back in next round).
>     raxml() - last program to be ported.
>
> I will be adding an additional program:
>     raports.pl - this program reports what ports are used by
>                         IP address and protocol.  This will provide a
>                         port inventory (companion program to rahosts.pl)
>
> And I am thinking about adding these programs:
>     radump - this program provides tcpdump() decoding for
>                       the user data buffer.
>
> radump() is partially done, in that I haven't ported all the tcpdump
> decoders to
> the program, but many have been, including, beep, bfd, bgp, bootp,
> domain, l2tp,
> ldp, lmp, msdp, ntp, pim, pptp, rip, snmp, syslog, telnet, tftp,
> timed, etc....
>
> If this list is agreeable, we should be nearing the end, so to speak.
>
> Carter
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> https://lists.andrew.cmu.edu/mailman/private/argus-info/attachments/20070211/def527db/attachment-0001.html
>
> ------------------------------
>
> Message: 2
> Date: Mon, 12 Feb 2007 09:50:36 -0600
> From: John Wade <jwade at oakton.edu>
> Subject: Re: [ARGUS] Expanding the width of columns in ra output
>         (specifically   the hostname column)
> To: Peter Van Epp <vanepp at sfu.ca>
> Cc: argus-info at lists.andrew.cmu.edu
> Message-ID: <45D08CCC.1050603 at oakton.edu>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Thanks Peter,
>
> I switched over to the latest 3.0 build and it works perfectly.  Does
> exactly what I need (adjustable column widths) and reads to 2.0.6
> archived files.
>
> Thanks for the help,
> John Wade
>
> Peter Van Epp wrote:
> > On Wed, Feb 07, 2007 at 09:53:45AM -0600, John Wade wrote:
> >
> >> Hi Argus Folks,
> >>
> >> First of all, thanks to everyone involved in making argus, this is a
> >> great tool we have been using for a couple of months now.
> >> I apologize if this question has been answered  in the list archives or
> >> in the documentation, (I searched through both as best I could) and
> also
> >> wandered through the source code trying to see where this was set.
> >>
> >> In argus 2.0.6, I would like to expand the number of characters
> >> allocated to the hostname in the ra output (when not using the -n
> >> switch)   If this is configurable, please let me know otherwise if
> >> someone can direct me to the location in the source I would appreciate
> it.
> >>
> >> Also, is argus 3.0 considered stable enough that we should switch?
> >>
> >> Thanks in advance for your assistance,
> >> John Wade
> >>
> >
> >       As I recall 2.0.6 fields are fixed length. It will be in
> > common/argus_util.c in the clients source code (PrintSrcAddr() probably,
> > something like that anyway).
> >       3.0 is pretty much stable and you would probably be better to move
> to
> > that (which does have variable length fields).
> >
> > Peter Van Epp / Operations and Technical Support
> > Simon Fraser University, Burnaby, B.C. Canada
> >
> >
>
>
> ------------------------------
>
> _______________________________________________
> Argus-info mailing list
> Argus-info at lists.andrew.cmu.edu
> https://lists.andrew.cmu.edu/mailman/listinfo/argus-info
>
>
> End of Argus-info Digest, Vol 18, Issue 12
> ******************************************
>



-- 
Best Regards,

CS Lee<geekooL[at]gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20070213/e52b2aa5/attachment.html>

More information about the argus mailing list