FloCon argus tutorial

Carter Bullard carter at qosient.com
Sat Sep 8 11:05:42 EDT 2012


Gentle people,
Historically, I've given a 4 hour tutorial on various aspects of argus, on the first day of FloCon
conferences.  Over the years, I've talked about argus's architecture, theory of operation, new
flow concepts, current uses, advanced features, etc.  I do hope that attendees
have found them interesting and helpful.

I'm hoping to do the same thing again at FloCon 2013, which is Jan 7-10, 2013 in
Albuquerque, NM, if there is interest.   I would like to get some feedback on what would
be good topics.

There are two topics that I am developing that are good candidates:
   1.	Meta-data processing in Argus, which will be a 4 hour tutorial on the meta-data support in argus
	and argus clients.  You should know these as argus labels, which support geolocation tagging, application
	identification tags and user defined labeling of flows and traffic.  In this tutorial I would talk about how
	to use things like ARGUS_EVENTS to tag flows with the application, user and process id from the
	end system, content specific labeling, and advanced analytic tagging.

   2. Argus large scale data analytics. Argus has support for large scale data analytics already built into
	its design architecture.  This talk would talk about that and strategies for doing very large scale
	searching and alarm/alerting.

But the choices are not limited to these topics; these are just ones that I'm actively working on.
Are there other topics that you would like for me to talk about for 4 hours?  Please post either
to the mailing lists, or send email directly to me, especially if you want to flame or embarrass.

Hope all is most excellent, and consider going to FloCon 2013.  I've never been to New Mexico,
should be fun !!!!

Carter

