[ARGUS] Argus-5.0.2 release Nov 14
Carter Bullard
carter at qosient.com
Thu Oct 31 14:29:50 EDT 2024
Gentle persons,
We’re planning on releasing argus-5.0.2 on or just before Nov 14th …. All the mods, which include new features and bug fixes, are now in the main GitHub branches:
https://github.com/openargus/argus
https://github.com/openargus/clients
Any testing that you may be able to do before Nov 14th would be greatly appreciated.
We’re having good luck on all target Linux, Mac OS and Windows (10, 11) OS. If there is a specific OS you would like tested, please holler!!!
The important changes from argus-5.0.0 include:
1. Argus segfault on specific Ethernet 802.3 LLC headers
2. Bug fix for IPv6 flows in Ethernet II based tunnels not being reported.
This is an important bug fix, as the bug resulted in argus not generating records for key IPv6 traffic.
3. Fixes for parsing specific tunnel headers (Geneve, GRE, VXLAN)
4. Argus client filter parsing issues for “proto” keyword.
There are also new features that have been introduced for 5.0.2:
1. Packet "capture on protocol" - enhance encapsulation debugging for high performance sensors
2. Encapsulation capture - capture encapsulation headers on a flow record basis
3. Flow spec capture for key tunnel protocols
And new argus-clients support for argus’s new features:
1. Print tunnel flow spec identifiers - gresaddr, gredaddr, greproto …
2. Shift to libmaxminddb as the default geoip library (libgeoip as fallback).
Some of the new features are intended for tunnel accountability and debugging support, but have a lot of uses for forensics and hunting.
And of course lots of bug fixes and tweaking to mature the example programs.
Hope all is most excellent,
Carter