[ARGUS] Argus error in packet size and bytes

Sehan Samarakoon sehan6996 at gmail.com
Sun Jun 5 03:22:09 EDT 2022


Hi Carter,

Finally got it to work on my Mac. Thank you for your help. The "pre
ARGUS_DATA_DSR len is zero" issue is now sorted. However, I'm still getting
some flows as INT and in all of them, the packet size and no. of bytes
fields are empty. Do you have any idea what could be the issue? What does
the state 'INT' actually mean? This happens with flows that have state
'INT' only.

-Sehan

On Fri, 3 Jun 2022 at 17:00, Carter Bullard <carter at qosient.com> wrote:

> Hey Sehan,
> There are many methods for managing software on Linux machines.  By
> downloading the source, and using ‘make install’, you are avoiding all of
> those systems, so ‘dpkg’ won’t ‘know’ that the software is installed.
> Working with source is a good thing for an investigator … you’re now a
> developer rather than a user :O)
>
> There is a file in each of the distributions that describes these
> concepts, like the README file and the INSTALL file.  Take a look ...
>
> By default, argus will install all of its code into the /usr/local
> directories.
>    % cd /usr/local
>    % ls
>
> If your ‘make install’ was successful, you should see the bin and sbin
> subdirectories in /usr/local.  Argus is in the sbin directory (system
> binary) and the clients are all in the bin directory.
> You can run programs like ‘ra’ by providing the complete path in your
> command …
>
>    % /usr/local/bin/ra -r argus.file
>
> You may need to add /usr/local/bin and /usr/local/sbin directories to your
> PATH variable (added to .bashrc, or .profile in your home directory).
>
> You can have argus change where it installs things.  If you would rather
> argus install its software in the system /usr/sbin and /usr/bin
> directories, try this:
>    % make uninstall
>           This will remove the current software
>
>    % ./configure --prefix=/usr
>    % make install
>
> Do look at the output of the make program calls, as the information is
> very useful and possibly instructional.
> If you would like it to install in the /opt directory structure, then
> change the ‘/usr’ in the above configure call to ‘/opt’.
>
>  Carter
>
>
> On Jun 3, 2022, at 8:51 AM, Sehan Samarakoon <sehan6996 at gmail.com> wrote:
>
> Hi Carter,
>
> The installation issue is ok now. It got installed with 'make install'.
> But argus package is not showing under dpkg list yet. And argus commands
> are not working. It says it's not installed and asking to be installed with
> 'apt'. Is there a specific location that I should clone it? Are there any
> environment variables to be adjusted?
>
> Sehan
>
> On Thu, 2 Jun 2022 at 17:17, Carter Bullard <carter at qosient.com> wrote:
>
>> Hey Sehan,
>> You aren’t doing anything wrong … my bad … I didn’t finish a needed
>> change in master for the mysql code … for some reason my test machine
>> didn’t have mysql installed …
>> OK fetch and pull the code from GitHub again and all should be well ...
>>
>> Carter
>>
>>
>> On Jun 1, 2022, at 9:14 AM, Sehan Samarakoon <sehan6996 at gmail.com> wrote:
>>
>> Hi Carter,
>>
>> Thanks for the reply. I'm running argus on a Kali Linux and was only able
>> to install argus through "sudo apt-get install". So I have been using the
>> version 3.0.8.2 as shown in here.
>> <argus_ver.png>
>> I have been trying to get the source code from github but the following
>> message is given and argus is not installed when I give the "make" command.
>>
>> <Screenshot_2022-06-01_09-05-37.png>
>> Any idea what I'm doing wrong?
>>
>> -Sehan
>>
>>
>>
>>
>