[ARGUS] Argus development and testing

Carter Bullard carter at qosient.com
Thu Jun 2 11:10:25 EDT 2022 

For the list … the master branch on GitHub for both argus and the clients is stable and good to go … Sehan’s experience was caused by my transitioning all of my development to Apple silicon, and not getting all the code dependencies to that machine … The new GitHub master code for argus and clients is currently coming from ArgusPro which is 3 years in production now, so I feel confident in the current argus codebase.   

We’re maintaining an official master and a master-dev branch in both argus and the clients distributions.  Master is production, master-dev is intended for new features.   Currently, we’re adding racompare.1 to master-dev, which is a part of the ML effort that will be coming out … racompare.1 compares two argus data sets, either files or streams or a combo of the two and provides scores of change.  The logic is used in the ML Python library which we will be pushing out hopefully this month.   racompare.1 code is designed to provide support for specifying a ‘baseline’ of flow records and comparing the baseline against another set of records and indicating the matches and the non-matches.  ML wants this type of scoring to do anomaly detection, so that it can quantify / recognize differences.  

As major issues are discovered in master, I’ll push fixes to that branch quickly, but for non critical problems we’ll fix in master-dev …  We’ll transition master-dev into master as features are matured and I’ll try to keep master-dev sync’d with any changes in master.

The open argus primary development environment is now MacOS, Ubuntu (jammy jellyfish) and Windows 11 running on Apple silicon (ARM), and MacOS, Ubuntu and Windows 10,11 on Intel i9 processors. Ubuntu and Windows are run as VMs on MacOS (either M1 or Intel i9) using either VMware or Parallels.   Windows 11 for the most part is currently argus only, and MacOS, Ubuntu (and all the other OS’s) are argus and clients.

Because ARM can be big-endian and Intel is always little-endian, we check that the output is readable on either platforms regardless of sensor or client hardware.   Argus still runs on Sparc and many big-endian ARM environments, so we’re still concerned with endian-ness with data generation and processing.   Almost all the modern hardware is now little-endian (apple silicon, raspberry pi, intel) … but network packet byte order is still big-endian so its always a concern ...

The gcc arm compilers for Ubuntu 22.04 LTS (jammy) seem to complain a bit more aggressively compared to the MacOS compilers or the Ubuntu 20.04 LTS intel compilers, so I’ve started using Ubuntu 22.04 LTS on Apple Silicon running under Parallels as the primary development environment …

If there are issues with this approach, definitely lets discuss, and if there are other environments that we should consider (like OpenWRT) … lets !!!!

Hope all is most excellent, 

Carter

More information about the argus mailing list