ARGUS and Endace(re: Emulex) DAG Cards

Carter Bullard carter at qosient.com
Thu Feb 13 14:46:18 EST 2014


Hey Guys,
We have native DAG driver support, but like Jesse sez,
using the Endace libpcap library is the way to go unless you
need to go very fast, and the libpcap limitations get in the
way.

Use argus to read packets off the wire, don’t do the packet
file strategy unless you want to keep the packet files for
some reason.  Then use the ra* programs to collect and store
the flow data, which you then analyze for forensics, or
ops or performance management.

Use the ./configure --with-libpcap=DIR option to point the
packages at the Endace libpcap library.  If you have any
problems, just holler !!!

Carter

On Feb 13, 2014, at 2:36 PM, Jesse Bowling <jessebowling at gmail.com> wrote:

> Hi James,
> 
> If I'm remembering correctly, Endace provides a custom libpcap, is that correct? If so, you would just need to compile argus against that libpcap and then use argus directly on the stream...Of course, you could also generate pcaps and run argus against them in a scripted fashion, which might be good for your workflow, but you'd lose the realtime options of the various clients...Just depends on what you want to do! :)
> 
> Cheers,
> 
> Jesse
> 
> 
> On Thu, Feb 13, 2014 at 2:27 PM, James Grace <jgrac002 at fiu.edu> wrote:
> Good Afternoon,
> I've read from various sources on the intertubes that ARGUS can be used in conjunction with DAG cards.  I was wondering how this is usually done. Does one use the DAG software to create the tracefiles and convert them to pcap for argus-clients to use, or does one use ARGUS itself?
> 
> Cheers,
> -james
> 
> -- 
> James H. Grace
> Senior Network Engineer
> AMPATH / CIARA
> Florida International University
> +1-305-348-8077
> 
> 
> 
> 
> -- 
> Jesse Bowling
> 