Updating my argus settup...

[Russell Fulton]

After doing very little (apart from downloading a new version once a year or so) to my argus setup since 3.0 was launched I now find I have the time and resources to revisit things.  I know the basics remain the same but we have a bunch of new tools like radium and database integration that I need to catch up on.

Any specific things that I should look at up front?  (radium and databases are already on the list).

One question I have is about merging flows from separate sensors using radium.  I have sensors both inside and outside the firewall and on the inside of various NATted networks.  I take it that it would make sense to put all this data into a single stream?  There will be duplicate flows for stuff going through the firewall but that will be fine. 


At the moment I move hourly files up to  a repository via ssh/scp.

Has there been any progress on non cli visualisation tools?  I really want to get a wider group using the data we have but the need to ssh in to somewhere and figure out what files you need to look at defeats many.

Russell