updates for argus-2.x compatbility and database support

Carter Bullard carter at qosient.com
Tue Feb 24 01:47:59 EST 2009


Gentle people,
I am working on a major release of the clients this week and I should
have a package hopefully by Thurs/Fri (if nothing gets in the way).

The primary function is to get general bug fixes into the main release.
And backward compatibility was the bug of the week, last week, so I'm
working on that.

Many "standard" programs will have a number of tweaks to fix bugs that
have come up, that have not hit the mailing list.  While it will be a  
lot of
changes, , these programs have been stable for quite some time, so I'm
hoping that we won't have a lot of little problems.  Testing will need  
to
be done, however.

rabins(), rasplit() and rastream() have all had a lot of work done to  
support
aggregations units smaller than 1 second.  So that you can specify bin
sizes down to a uSec.   This is important in our high performance stream
analysis work.  Maybe not for everyone, but the code is doing much  
better
with these changes.

And we will have support for flow labeling in radium(), where you can
slip ascii metadata into the records to "pump up" the semantics.  This
is really cool, and will take some discussions on the list to use it  
to the
fullest.

This major version release of the clients will have a lot of new  
undocumented
programs, but I will try to start describing them on the mailing list  
this week.
They cover two primary areas, user data analysis and database support.
It maybe possible that I only have one of these ready, but I'm working  
on both.

The database support causes one major change.  We will need to print
"sport" and "dport" values for ICMP flows.  This is guarantee that all  
flow
records will have a unique flow key, so we won't have trouble stuffing
ICMP flows into an indexed database table of argus records.

I seem to be in my office this week, which is a real surprise, so  
hopefully
I can make some progress.

A new release of argus will follow a month later, with support for  
packet
size and interpacket arrival histogram reporting, as well as a new
ArgusEvent feature, where we can collect SNMP, /proc, and lsof() data
and send them in the argus data stream.

This is primarily to tag flows with the applications that generated  
them.

Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York  10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax






More information about the argus mailing list