Developing an Argus client

Carter Bullard carter at qosient.com
Wed May 13 18:54:06 EDT 2009 

Hey Harry,
One key concept is that all the ra* programs in the argus- 
clients-3.0.2 distribution
are example programs, so don't be shy to grab one and use it as a start.

The best example to use the complete library is ./clients/ra.c.  This  
program
takes in a single record, and prints its contents, based on a  
configuration.
If you wanted to write something that processed single records at a  
time, ra.c
is a great starting point.

Copy ./clients/ra.c to ./clients/rawhatever.c, and add lines in the
./clients/Makefile.in so your new program will be compiled.  Below is  
a patch
to ./clients/Makefile.in that adds rawhatever() as a new program to  
compile.
Once you apply the patch,  then do this in the root directory of the  
client distribution:

   % cp ./clients/ra.c ./clients/rawhatever.c
   % ./configure
   % make

At this time, you have a rawhatever() program in ./bin, that can do  
everything,
open files, compressed or not, attach to remote data sources,  
negotiate security
services, filter and process records, etc....  print the contents of  
each record that is
read in, and can write out records to a new file.

The idea is that the library provides main(), and calls out to the  
stub routines that
are defined, in your rawhatever.c file, that deal with the basic  
states of the
program, initialization, processing and termination.

The argus-clients library makes calls to a few routines that you need  
to provide.

The first is ArgusClientInit(), which allows you to initialize  
whatever you need to
initialize before you begin to process argus records.

After your ArgusClientInit() routine returns, the argus library will  
open all the
argus data sources, and start reading records.  After it has read the  
input stream,
and generated the first record, the library applies any configured  
filters, and if the
record passes,  it calls RaProcessRecord(), the routine where you will  
do all the
per record processing.

Every ArgusParser->RaClientTimeout period, the routine  
ArgusClientTimeout() is
called.  This is an opportunity for you to get control to do  
maintenance functions,
timeout things, check for whatever.  By default, it is called every  
second, but you
can change this value, usually in ArgusClientInit().  The program  
rastream() changes
this value, and specifies a lot of stuff to do during these  
ArgusClientTimeout()
calls, so you can use it as an example, although a complicated one.

When a record is ready to be processed, the library calls the routine  
RaProcessRecord().
You supply what to do in this case.  The program ra.c is a great  
example.

When each input source is finished, the routine RaArgusInputComplete()  
is called.
Most programs don't do anything, but rasort.c is a great example of  
what you can
do at the end of each file.  rasort() has an option to sort files in  
place, which means its
going to sort each input file, output the sorted records into a  
temporary file, and then
rename the temporary file to the original filename.  We need to do  
this as each file is
processed.

After all the inputs have closed, the argus-client library will call  
the routine
RaParseComplete().   Here you want to close everything, write out stuff,
deallocate stuff, whatever you need to do after all the records have  
been
read in and processed.  ra.c has a great "flush data to any output  
file that is
interested, and then close them all" strategy that is a minimum.

Hopefully this will get you started, once you get your rawhatever.c to  
do something,
holler if you like, and I'll describe strategies for doing simple and  
not so simple clients.



Carter

----------begin patch-----------
set:clients carter$ diff -c Makefile.in Makefile.in.new
*** Makefile.in	Fri Apr 24 16:53:58 2009
--- Makefile.in.new	Wed May 13 18:22:24 2009
***************
*** 82,88 ****

   SRC = ra.c racount.c rasort.c rasplit.c rastrip.c rabins.c  
racluster.c rahisto.c ralabel.c \
   	rapolicy.c ranonymize.c rapath.c rastream.c ratree.c  
rafilteraddr.c ratimerange.c \
! 	rauserdata.c raservices.c ratemplate.c

   PROGS = @INSTALL_BIN@/ra @INSTALL_BIN@/racount @INSTALL_BIN@/rasort  
@INSTALL_BIN@/rasplit \
   	@INSTALL_BIN@/rabins @INSTALL_BIN@/racluster @INSTALL_BIN@/rastrip \
--- 82,88 ----

   SRC = ra.c racount.c rasort.c rasplit.c rastrip.c rabins.c  
racluster.c rahisto.c ralabel.c \
   	rapolicy.c ranonymize.c rapath.c rastream.c ratree.c  
rafilteraddr.c ratimerange.c \
! 	rauserdata.c raservices.c ratemplate.c rawhatever.c

   PROGS = @INSTALL_BIN@/ra @INSTALL_BIN@/racount @INSTALL_BIN@/rasort  
@INSTALL_BIN@/rasplit \
   	@INSTALL_BIN@/rabins @INSTALL_BIN@/racluster @INSTALL_BIN@/rastrip \
***************
*** 90,96 ****
   	@INSTALL_BIN@/ranonymize @INSTALL_BIN@/rapath @INSTALL_BIN@/ 
rastream \
   	@INSTALL_BIN@/ratree @INSTALL_BIN@/rafilteraddr @INSTALL_BIN@/ 
ratimerange \
   	@INSTALL_BIN@/raports @INSTALL_BIN@/rahosts @INSTALL_BIN@/radark \
! 	@INSTALL_BIN@/rauserdata @INSTALL_BIN@/raservices @INSTALL_BIN@/ 
ratemplate

   all: $(PROGS)

--- 90,97 ----
   	@INSTALL_BIN@/ranonymize @INSTALL_BIN@/rapath @INSTALL_BIN@/ 
rastream \
   	@INSTALL_BIN@/ratree @INSTALL_BIN@/rafilteraddr @INSTALL_BIN@/ 
ratimerange \
   	@INSTALL_BIN@/raports @INSTALL_BIN@/rahosts @INSTALL_BIN@/radark \
! 	@INSTALL_BIN@/rauserdata @INSTALL_BIN@/raservices @INSTALL_BIN@/ 
ratemplate \
! 	@INSTALL_BIN@/rawhatever

   all: $(PROGS)

***************
*** 163,168 ****
--- 164,172 ----
   @INSTALL_BIN@/ratemplate: ratemplate.o $(LIB)
   	$(CC) $(CCOPT) -o $@ ratemplate.o $(LIB) $(COMPATLIB)

+ @INSTALL_BIN@/rawhatever: rawhatever.o $(LIB)
+ 	$(CC) $(CCOPT) -o $@ rawhatever.o $(LIB) $(COMPATLIB)
+
   # We would like to say "OBJ = $(SRC:.c=.o)" but Ultrix's make cannot
   # hack the extra indirection

----------end patch-----------

On May 13, 2009, at 12:31 PM, Harry Bock wrote:

> Hi all,
>
> I was wondering if I could get any guidance on where to start for  
> developing a new Argus client.  The programming model used in the  
> current Argus clients is a little hard to follow, and there doesn't  
> seem to be a whole lot of documentation in the source code or on the  
> website for developing one.
>
> I have been working on a very similar application for my company,  
> and I've realized that Argus does most of what I'm looking for  
> already, and it's already usable :) If I could leverage Argus as the  
> core of our application, that would save us a lot of development  
> time and headaches, so any hints in the right direction would be  
> very much appreciated.
>
> Regards,
> Harry Bock
>
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20090513/1ace6a46/attachment.bin>

More information about the argus mailing list