Argus feature

CS Lee geek00l at gmail.com
Tue Jul 28 20:28:06 EDT 2009


Hi Carter,

As for Argus 3.0.4 development, will NetFlow v9/IPFIX be supported as
well? I think people might love these two data sources, especially in the
flow world. I definitely like the idea of lsof pulling to map the
application to the flows: for Unix, lsof -i; for Windows, we can use
netstat -anob. That's definitely a plus when it comes to understanding
what application is using what port.

Wireless-wise, I can't wait for that.

Cheers!

Message: 1
Date: Tue, 28 Jul 2009 12:59:48 -0400
From: Carter Bullard <carter at qosient.com>
Subject: [ARGUS] argus-3.0.2 server and client release dates
To: Argus <argus-info at lists.andrew.cmu.edu>
Message-ID: <66DBB41D-7486-4F31-9A81-7F8CDE4D54A2 at qosient.com>
Content-Type: text/plain; charset="us-ascii"

Gentle people,
I'm getting ready to release argus[-clients]-3.0.2.

We had some issues in the last few months that were show stoppers with
a few of the clients, and there were a few requests for argus but I
think we've addressed all the bugs on the list (with the exception of
Gunnar's crashes, which still look to be packet specific, but I'm not
aware of anyone else having his problems.  I'm still going through the
code trying to find something).

If you are aware of a bug that I have not addressed, please remind me!!!!

With the final mods to support older libpcap's for the Bivio 7500,
argus-3.0.1 goes to argus-3.0.2 (to be consistent with the clients) and
we're now frozen.  We are using the even releases as stable, and odd as
not.  I messed up on the clients, so hopefully now we're back on track
with that strategy.

If you have any issues with argus-3.0.1.beta.x, please get your emails
in now.  Especially with things like documentation, rpm spec files,
etc.....  The new web site will be the primary documentation repository,
so things like CHANGES, HOWTOs and FAQs are going to be changed to be
references to the web.

With respect to clients.  I need to document the database and
geolocation support, but I'm hoping to release the code without having
to have the documentation finalized, just for the sake of time.  I will
have some documentation up on the web site this week, time permitting.

If you have any comments/opinions please send them to me or the list.
All attitudes are welcome.

After the release, my next steps.

For argus-3.0.4, I'm moving the full multi-threaded model into the
main thread of code, to turn on a few more of your cores for flow
processing.  This is working fine in a number of places, so it shouldn't
be a painful modification.

Argus-3.0.4 will get the argus "events" modules, where argus can poll
SNMP counters and gather data from /dev/proc (for machines that have
/dev/proc).  The purpose of this is to bring other data into the flow
data stream for cross-dimensional correlation.  Practically, this means
that you can have argus periodically run "lsof" on an end system where
it is running, to get application information for the flows.

The basic argus is already working very well,  however, I need to work
on client parsers for the data types that we report.

Argus-3.0.4 is also going to be the version of the wireless argus, so
suggestions for tracking wireless hosts for operations, performance
and security will be the primary topics.

And to support client development, I'm working on shared libraries for
the clients.

Hope all is most excellent, and again, thanks for all the help and
support!!!!!!


Carter

-- 
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
http://defcraft.net
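
The lsof-to-flow mapping discussed in this thread, as an added example that is not part of either message and is not Argus code. It assumes lsof is run as "lsof -i -n -P" (numeric addresses and ports) on the monitored host and that flows are available as plain 5-tuples; the function names, the tuple layout and all sample data are constructed for illustration and are not Argus's record format.

```python
# Added example: attribute flow 5-tuples to local processes using
# `lsof -i -n -P` output. All sample data below is constructed.

LSOF_SAMPLE = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     1023 root    3u  IPv4  12345      0t0  TCP 10.0.0.5:22->10.0.0.9:51514 (ESTABLISHED)
nginx    2210 www     6u  IPv4  23456      0t0  TCP *:80 (LISTEN)
curl     3301 alice   5u  IPv4  34567      0t0  TCP 10.0.0.5:40112->192.0.2.10:443 (ESTABLISHED)
dnsmasq   801 nobody  4u  IPv4  45678      0t0  UDP 10.0.0.5:53
"""

def split_endpoint(ep):
    """'10.0.0.5:22', '[::1]:631' or '*:80' -> (addr, port or None)."""
    addr, _, port = ep.rpartition(":")
    return addr.strip("[]"), int(port) if port.isdigit() else None

def parse_lsof(text):
    """Return (connected, listening) maps from socket identity to owner."""
    connected, listening = {}, {}
    for line in text.splitlines()[1:]:            # skip the header row
        f = line.split()
        if len(f) < 9 or f[7] not in ("TCP", "UDP"):
            continue
        owner = {"command": f[0], "pid": int(f[1]), "user": f[2]}
        proto, name = f[7].lower(), f[8]
        if "->" in name:                          # connected: local->remote
            local, remote = name.split("->", 1)
            key = (proto, *split_endpoint(local), *split_endpoint(remote))
            connected[key] = owner
        else:                                     # listener / unconnected UDP
            listening[(proto, split_endpoint(name)[1])] = owner
    return connected, listening

def attribute(flow, connected, listening):
    """flow = (proto, saddr, sport, daddr, dport) seen on the lsof host.
    Exact socket match in either direction first, then a listening port."""
    proto, sa, sp, da, dp = flow
    for key in ((proto, sa, sp, da, dp), (proto, da, dp, sa, sp)):
        if key in connected:
            return connected[key]
    return listening.get((proto, dp)) or listening.get((proto, sp))

if __name__ == "__main__":
    conn, lsn = parse_lsof(LSOF_SAMPLE)
    for flow in [("tcp", "10.0.0.9", 51514, "10.0.0.5", 22),
                 ("tcp", "198.51.100.7", 50000, "10.0.0.5", 80),
                 ("tcp", "10.0.0.5", 55555, "203.0.113.1", 25)]:
        print(flow, "->", attribute(flow, conn, lsn))
```

lsof output is a point-in-time snapshot, so a connection that opens and closes between two polls leaves a flow record with no owning process (the last flow above returns None). Without root privileges lsof only lists the calling user's sockets.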