Status of SNMP / events modules in Argus?

Carter Bullard carter at qosient.com
Mon Jun 6 10:56:49 EDT 2011


Hey Daniel,
Oh yes, it is in 3.0.4 and 3.0.5.x, which is the current development thread.
This is a part of the ARGUS_EVENT support that is documented in argus.conf.
There is an events directory, with a README in it that should get you started.

We provide a set of sample programs in ./events, argus-lsof, argus-snmp
and argus-vmstat.  I'd consider this still "development" stuff, but it works well, just
need more people to use it.

These programs generate XML-like ASCII output that is optionally compressed
by argus and transported along with argus data through the argus collection pipeline.

We have a separate program, raevent(), for reading the data.  It basically reads the
argus data stream and prints out whatever events it gets in the stream.  We don't have
specific database processing support yet for the events.  I had imagined that the XML-like
ASCII would import very easily.

Please send email to me or the list if you give this a try and like, love it or hate it.
Need to make progress on this important feature.

Thanks!!!!!
 
Carter


On Jun 5, 2011, at 5:29 PM, Daniel Clark wrote:

> Found this in mailing list archives -
> http://article.gmane.org/gmane.network.argus/6704
> 
> """
> Argus-3.0.4 will get the argus "events" modules, where argus can poll
> SNMP counters and gather data from /dev/proc (for machines that have
> /dev/proc). The purpose of this is to bring other data into the flow
> data stream for cross-dimensional correlation.  Practically, this
> means that you can have argus periodically run "lsof" on an end system
> where it is running, to get application information for the flows.
> """
> 
> However I can't find any other doc or info on this - did it ever
> happen, and if it did could someone speak to if it is working well for
> them?
> 
> If not, anyone know of a tool that will work with SNMP info and make a
> database queryable with command line tools along the lines of argus?
> 
> Application is tracking bandwidth use / MACs on a small dorm network
> where we don't have root on all the switches to set up traffic flows
> to the argus server, but where we do have SNMP access to this
> information.
> 
