updates for argus-2.x compatbility and database support

Ken A ka at pacific.net
Thu Feb 26 09:20:07 EST 2009 

Carter Bullard wrote:
> Gentle people,
> I am working on a major release of the clients this week and I should
> have a package hopefully by Thurs/Fri (if nothing gets in the way).
> 
> The primary function is to get general bug fixes into the main release.
> And backward compatibility was the bug of the week, last week, so I'm
> working on that.
> 
> Many "standard" programs will have a number of tweaks to fix bugs that
> have come up, that have not hit the mailing list.  While it will be a 
> lot of
> changes, , these programs have been stable for quite some time, so I'm
> hoping that we won't have a lot of little problems.  Testing will need to
> be done, however.
> 
> rabins(), rasplit() and rastream() have all had a lot of work done to 
> support
> aggregations units smaller than 1 second.  So that you can specify bin
> sizes down to a uSec.   This is important in our high performance stream
> analysis work.  Maybe not for everyone, but the code is doing much better
> with these changes.
> 
> And we will have support for flow labeling in radium(), where you can
> slip ascii metadata into the records to "pump up" the semantics.  This
> is really cool, and will take some discussions on the list to use it to the
> fullest.
> 
> This major version release of the clients will have a lot of new 
> undocumented
> programs, but I will try to start describing them on the mailing list 
> this week.
> They cover two primary areas, user data analysis and database support.
> It maybe possible that I only have one of these ready, but I'm working 
> on both.
> 
> The database support causes one major change.  We will need to print
> "sport" and "dport" values for ICMP flows.  This is guarantee that all flow
> records will have a unique flow key, so we won't have trouble stuffing
> ICMP flows into an indexed database table of argus records.
> 
> I seem to be in my office this week, which is a real surprise, so hopefully
> I can make some progress.
> 
> A new release of argus will follow a month later, with support for packet
> size and interpacket arrival histogram reporting, as well as a new
> ArgusEvent feature, where we can collect SNMP, /proc, and lsof() data
> and send them in the argus data stream.
> 

That sounds like a lot of data, and useful too. Will this enable me, 
with the proper query, to access lsof data, like 'open files' of a pid 
that  also had an open network connection that is of interest? That 
would be quite helpful in a hosting environment. And I can stuff it all 
into mysql too? very nice! Or am I dreaming?
Thanks,
Ken


> This is primarily to tag flows with the applications that generated them.
> 
> Carter Bullard
> CEO/President
> QoSient, LLC
> 150 E 57th Street Suite 12D
> New York, New York  10022
> 
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax
> 
> 
> 


-- 
Ken Anderson
Pacific Internet - http://www.pacific.net

More information about the argus mailing list