[ARGUS] New argus release
Carter Bullard
carter at qosient.com
Tue Nov 21 16:43:47 EST 2023
Gentle persons,
I’m preparing to transition a significant part of the commercial version of argus into the open source project. I’m going to move the commercial sensor into the open source, and a few of the commercial client programs, including complete passive DNS, a lot of large scale deployment collection and processing, and the argus python client library to enable AI/ML work. I’m hoping that this will be a big addition to the open source argus collection, and hopefully useful for the community.
This version is a significant upgrade, designed primarily to provide a zero configuration approach for comprehensive network auditing in endpoints, ie laptops, workstations and mobile devices. The core of the zero configuration approach is support for a UUID argus source identifier, so you don’t have to assign a source id in your argus.conf, and support for monitoring all the physical and virtual interfaces on the system independently. This has caused us to modify the argus record header to support the much larger scrid and to add an interface identifier. Bigger identifiers mean a bigger header, and thus the reason for the major version change of the software.
There are a lot of new features and fixes that come from the commercial argus. This version should be able to run at 100Gbps with hardware support, as it does at Stanford. It is also very efficient, so that the cpu and memory utilization is very small on end systems that use a lot of real and dynamic virtual interfaces. And of course we’ve rung out a lot of bugs that are in the argus-3.0 distros.
I had thought to distribute this release as argus-4.0, but there is a lot of commercial argus data out there at various sites, so I think the best path is to release it as argus-5.0, which is the designation for commercial argus.
While argus-5.0 data is incompatible with argus-3.0 processing, all argus-5.0 components currently read and write argus-3.0 formats, so there is a lot of backward compatibility, and hopefully an easy transition path for upgrading.
I've setup the current 3.0.8 argus repositories at https://github.com/openargus and I have the core of argus-5.0 already setup in private repos on GitHub. I will make the private repos available before the end of the year as a distinct set of distributions. The commercial code is called ‘gargoyle’ and I’ll keep that name until we make it just argus-5.0.
I am very interested in comments / suggestions / opinions and even flames … so send email or go to the GitHub sites and make some noise there.
Hope all is most excellent,
Carter
Carter Bullard • QoSient • Founder / CEO
330 Mountain Rest Road, POBox 1201, New Paltz, New York 12561
Phone +1.212.588.9133 • Mobile +1.917.497.9494
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20231121/5bd74e2d/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1385 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20231121/5bd74e2d/attachment.bin>
More information about the argus
mailing list