new argus-clients-3.0.7.14 on the server

Carter Bullard carter at qosient.com
Tue Aug 20 19:17:11 EDT 2013 

Hmmmm, I'll take another look tonight.  It was working here with your file...frustrating !!!

Carter

On Aug 20, 2013, at 6:15 PM, "David Edelman" <dedelman at iname.com> wrote:

> Carter,
> 
> I'm having the exact same problem as before. 
> 
> I did a clean install after changing the string in VERSION so that I knew
> that I was using new code. I applied the argus_label.c change which didn't
> make any difference. I created .debug and .devel; make clobber, ./config;
> make; make install and ran under gdb and it is the same picture.
> 
> The instances of rasqlinsert taking data from radium are as happy as clams. 
> 
> What additional material can I collect for you?
> 
> --Dave
> 
> -----Original Message-----
> From: argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu
> [mailto:argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu] On
> Behalf Of Carter Bullard
> Sent: Tuesday, August 20, 2013 10:59 AM
> To: Argus
> Subject: [ARGUS] new argus-clients-3.0.7.14 on the server
> 
> Gentle people,
> New client code up on the server.  This release fixes all
> known bugs that has been reported on the list, as well as
> having major modifications to rapath().
> 
> New code has been added as guards around the reported
> label problems, but I am not sure that it has fixed
> the problem.  If we could test that, that would be great !!!
> 
> We've made some big changes to rapath().  rapath() extracts
> topology information from argus data.  Basically it takes all
> data that has ICMP TXD messages mapped to it, and tabulates path
> information where it can.  This has the effect of capturing all
> traceroutes() that are observed by argus, regardless of the
> techniqu;  UDP, TCP or ICMP based, weather its vanilla or paris method,
> or several of the proprietary strategies seen in intrusions.
> 
> We've changed the default output of the graph that rapath.1
> generates (using the -A option) to include the srcid, saddr
> and daddr, so that you can build topology from just the
> graphs.  I'll add the stime and duration as well, but need
> to figure out some command line options to control all these
> new fields.  Also rapath() is going to get a realtime mode,
> currently, its a " read a file, generate some output " type of
> tool.
> 
> Please grab this code and give it a run.  I'm hoping to
> release 3.0.7.x as 3.0.8 in the next month, so if there are
> any gotchas, don't hold back.
> 
> Carter
>

More information about the argus mailing list