ARGUS and Endace(re: Emulex) DAG Cards

Carter Bullard carter at qosient.com
Mon Feb 24 15:05:37 EST 2014


Hey James,
Compile with debug support, run argus with an additional -D8,
and then send the complete output of the run to the list.
That would represent the minimum we would need to see for
a bug report ??

So does /dev/dag1 exist ???

Carter

On Feb 24, 2014, at 2:42 PM, James Grace <jgrac002 at fiu.edu> wrote:

> Hi All, 
> Now that I've compiled Argus against the DAG PCAP library, how is it that I run argus on the DAG interface?
> 
> argus -i dag1 throws an unknown interface error. 
> 
> Thanks a bunch.
> -james
> 
> On 02/13/2014 02:46 PM, Carter Bullard wrote:
>> Hey Guys,
>> We have native DAG driver support, but like Jesse sez,
>> using the Endace libpcap library is the way to go unless you
>> need to go very fast, and the libpcap limitations get in the
>> way.
>> 
>> Use argus to read packets off the wire, don’t do the packet
>> file strategy unless you want to keep the packet files for
>> some reason.  Then use the ra* programs to collect and store
>> the flow data, which you then analyze for forensics, or
>> ops or performance management.
>> 
>> Use the ./configure —with-libpcap=DIR option to point the
>> packages at the Endace libpcap library.  If you have any
>> problems, just holler !!!
>> 
>> Carter
>> 
>> On Feb 13, 2014, at 2:36 PM, Jesse Bowling <jessebowling at gmail.com> wrote:
>> 
>>> Hi James,
>>> 
>>> If I'm remembering correctly, Endace provides a custom libpcap, is that correct? If so, you would just need to compile argus against that libpcap and then use argus directly on the stream...Of course, you could also generate pcaps and run argus against them in a scripted fashion, which might be good for your workflow, but you'd lose the realtime options of the various clients...Just depends on what you want to do! :)
>>> 
>>> Cheers,
>>> 
>>> Jesse
>>> 
>>> 
>>> On Thu, Feb 13, 2014 at 2:27 PM, James Grace <jgrac002 at fiu.edu> wrote:
>>> Good Afternoon,
>>> I've read from various sources on the intertubes that ARGUS can be used to in conjunction with DAG cards.  I was wondering how this is usually done. Does one use the DAG software to created the tracefiles and convert them to pcap for argus-clients to use, or does one use ARGUS itself?
>>> 
>>> Cheers,
>>> -james
>>> 
>>> -- 
>>> James H. Grace
>>> Senior Network Engineer
>>> AMPATH / CIARA
>>> Florida International University
>>> +1-305-348-8077
>>> 
>>> 
>>> 
>>> 
>>> -- 
>>> Jesse Bowling
>>> 
> 
> -- 
> James H. Grace
> Senior Network Engineer
> AMPATH / CIARA
> Florida International University
> +1-305-348-8077

Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York  10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20140224/65578eff/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20140224/65578eff/attachment.sig>


More information about the argus mailing list