LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-30-2009, 01:41 PM   #1
Kayone
LQ Newbie
 
Registered: Oct 2009
Posts: 6

Rep: Reputation: 0
Begging: Repeated Argus question... how do I get it installed properly?


Hello everyone,

I am pretty new to Linux (8.04). I have taken a bunch of classes that taught different aspects of the OS but I never dove into it. I probably know some less-than-newb information and totally forgot something about the core functionality of the OS. Please bare with me. This may be painful.

Argus:

I keep reading about people having the same issue getting Argus to work on Linux for them. I hear people saying that this issue doesn't exist on older versions of Argus.

Honestly, I don't care if I need to download the older version. I would rather not but if that is what I need to do, feel free to direct me that way.

Basically, I am trying to run Argus (netflow analyzer) against PCAP data to pull out metadata. I want the output to go to a SQL database.

This seemed like a simple task at first. This isn't necessarily the case anymore.

I have been trying to find a clear cut answer for 2 days now and it is literally beyond me. I tried using the repo's.. I tried sudo apt-get install.. The furthest I got was being able to use man pages for Argus. Unfortunately, when I tried to run a command, it said I didn't have the server running. I tried to uninstall and re-install. Nothing.

If someone could please explain what I need to do, I would be greatly appreciative. I am wasting too much time trying to figure this out on my own and this is too valuable to give up on.


been to qosient.com.. maybe I missed what I needed to do.

https://bugs.launchpad.net/ubuntu/+s...us/+bug/192868

http://www.linuxquestions.org/questi...-argus-698865/

http://packages.debian.org/lenny/i38...erver/download

http://web.archive.org/web/200801191...s/how-to.htm#3
 
Old 10-31-2009, 12:33 AM   #2
lugoteehalt
Senior Member
 
Registered: Sep 2003
Location: UK
Distribution: Debian
Posts: 1,215
Blog Entries: 2

Rep: Reputation: 49
Don't know really but if it said the server was not running then why not try starting it with the command 'argusd', perhaps as root or sudo? If it does not exist look for something that seems related to it. Is the server installed - you might have only installed the client?

To see if the server is running:
Code:
$ ps -A|grep argusd
 
Old 11-02-2009, 10:10 AM   #3
Kayone
LQ Newbie
 
Registered: Oct 2009
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by lugoteehalt View Post
Don't know really but if it said the server was not running then why not try starting it with the command 'argusd', perhaps as root or sudo? If it does not exist look for something that seems related to it. Is the server installed - you might have only installed the client?

To see if the server is running:
Code:
$ ps -A|grep argusd
Welcome to the land of the lost
Thank you for stepping up to the plate!

A. "sudo argusd"
Result: "sudo: argusd: command not found"

B. "man argus"
Result: got back man page

C. "me@me-desktop:~$ sudo argus -S 3600 -/home/me/Desktop/argtest.txt udp and port 2049 &"
"[2] 18992"

When trying this out, I didn't get a prompt for sudo (maybe because the timer hadn't reset for sudo?) Either way, I tried to run a "ps -A | grep argus" and nothing came back. When I did a "ps -A" without the grep for argus, I came back with the following. The process ID I created for the argus command I ran was "18992 pts/1 00:08:21 sudo"

1 ? 00:00:01 init
2 ? 00:00:00 kthreadd
3 ? 00:00:00 migration/0
4 ? 00:00:03 ksoftirqd/0
5 ? 00:00:00 watchdog/0
6 ? 00:00:00 migration/1
7 ? 00:00:01 ksoftirqd/1
8 ? 00:00:00 watchdog/1
9 ? 00:00:04 events/0
10 ? 00:00:03 events/1
11 ? 00:00:00 khelper
46 ? 00:00:00 kblockd/0
47 ? 00:00:00 kblockd/1
50 ? 00:00:00 kacpid
51 ? 00:00:00 kacpi_notify
133 ? 00:00:00 kseriod
169 ? 00:00:00 pdflush
170 ? 00:00:07 pdflush
171 ? 00:00:00 kswapd0
212 ? 00:00:00 aio/0
213 ? 00:00:00 aio/1
1409 ? 00:00:00 ksuspend_usbd
1413 ? 00:00:00 khubd
1564 ? 00:00:00 khpsbpkt
1619 ? 00:00:31 ata/0
1667 ? 00:00:10 ata/1
1668 ? 00:00:00 knodemgrd_0
1670 ? 00:00:00 ata_aux
1684 ? 00:00:00 scsi_eh_0
1685 ? 00:02:13 scsi_eh_1
2549 ? 00:00:20 kjournald
2752 ? 00:00:00 udevd
2967 ? 00:00:00 edac-poller
3116 ? 00:00:00 kpsmoused
4471 tty4 00:00:00 getty
4472 tty5 00:00:00 getty
4474 tty2 00:00:00 getty
4476 tty3 00:00:00 getty
4478 tty6 00:00:00 getty
4658 ? 00:00:00 acpid
4686 ? 00:00:00 kondemand/0
4687 ? 00:00:00 kondemand/1
4783 ? 00:00:00 syslogd
4839 ? 00:00:00 dd
4841 ? 00:00:00 klogd
4863 ? 00:00:00 dbus-daemon
4879 ? 00:00:00 NetworkManager
4893 ? 00:00:00 NetworkManagerD
4906 ? 00:00:00 system-tools-ba
4926 ? 00:00:00 avahi-daemon
4927 ? 00:00:00 avahi-daemon
4968 ? 00:00:00 cupsd
5024 ? 00:00:00 winbindd
5062 ? 00:00:28 dhcdbd
5073 ? 00:00:00 winbindd
5082 ? 00:00:03 hald
5085 ? 00:00:00 console-kit-dae
5086 ? 00:00:00 hald-runner
5171 ? 00:00:00 hald-addon-acpi
5175 ? 00:00:03 hald-addon-inpu
5185 ? 00:00:02 hald-addon-stor
5192 ? 00:00:23 hald-addon-stor
5195 ? 00:00:20 hald-addon-stor
5234 ? 00:00:00 hcid
5241 ? 00:00:00 btaddconn
5242 ? 00:00:00 btdelconn
5252 ? 00:00:00 bluetoothd-serv
5253 ? 00:00:00 bluetoothd-serv
5258 ? 00:00:00 krfcommd
5297 ? 00:00:00 gdm
5300 ? 00:00:00 gdm
5304 tty7 02:20:52 Xorg
5349 ? 00:00:00 atd
5363 ? 00:00:00 cron
5386 ? 00:00:00 dhclient
5500 tty1 00:00:00 getty
5595 ? 00:01:02 gconfd-2
5597 ? 00:00:00 gnome-keyring-d
5598 ? 00:00:00 x-session-manag
5683 ? 00:00:00 seahorse-agent
5687 ? 00:00:00 dbus-daemon
5688 ? 00:00:33 gnome-settings-
5692 ? 00:02:37 pulseaudio
5701 ? 00:00:00 gconf-helper
5710 ? 00:03:51 gnome-screensav
5715 ? 00:17:20 metacity
5716 ? 00:09:30 gnome-panel
5718 ? 00:02:02 nautilus
5725 ? 00:00:00 bonobo-activati
5751 ? 00:00:00 gvfsd
5762 ? 00:00:00 gvfs-fuse-daemo
5766 ? 00:00:00 bluetooth-apple
5769 ? 00:00:08 update-notifier
5775 ? 00:00:00 evolution-alarm
5776 ? 00:00:00 tracker-applet
5778 ? 00:00:00 trackerd
5784 ? 00:00:00 python
5785 ? 00:00:02 gnome-volume-ma
5786 ? 00:04:49 nm-applet
5788 ? 00:00:07 gnome-power-man
5794 ? 00:00:00 trashapplet
5798 ? 00:00:00 gvfsd-trash
5807 ? 00:00:00 evolution-excha
5809 ? 00:00:00 gvfsd-burn
5816 ? 00:00:00 evolution-data-
5821 ? 00:00:00 mixer_applet2
5823 ? 00:00:00 fast-user-switc
9897 ? 19:09:46 firefox
18732 ? 00:00:04 gnome-terminal
18735 ? 00:00:00 gnome-pty-helpe
18736 pts/0 00:00:00 bash
18753 pts/0 00:00:00 man
18764 pts/0 00:00:00 pager
18801 ? 00:00:00 gksu
18802 ? 00:00:21 synaptic
18804 ? 00:00:00 gnome-pty-helpe
18954 pts/0 00:00:00 man
18965 pts/0 00:00:00 pager
18974 pts/1 00:00:00 bash
18990 pts/1 00:00:00 sudo
18992 pts/1 00:08:21 sudo
18997 pts/2 00:00:00 bash
19029 pts/3 00:00:00 bash
19048 ? 00:00:02 gnome-search-to
19074 pts/3 00:00:00 ps



D. File search (looking for the word "argus" in filesystem):
Result: (I have tried to do a manual install and one through the repos. I uninstalled the client through the distro and tried to reinstall the server through the distro. I can remove all files relating to argus and start from scratch if you think that is best)

/bin/Desktop/argus-3.0.0
/bin/Desktop/argus-clients-3.0.0
/bin/Desktop/argus-3.0.0/argus
/bin/Desktop/argus-3.0.0/argus/ArgusApp.c
/bin/Desktop/argus-3.0.0/argus/ArgusArp.c
/bin/Desktop/argus-3.0.0/argus/ArgusAuth.c
/bin/Desktop/argus-3.0.0/argus/ArgusEsp.c
/bin/Desktop/argus-3.0.0/argus/ArgusFrag.c
/bin/Desktop/argus-3.0.0/argus/ArgusIcmp.c
/bin/Desktop/argus-3.0.0/argus/ArgusIgmp.c
/bin/Desktop/argus-3.0.0/argus/ArgusMac.c
/bin/Desktop/argus-3.0.0/argus/ArgusModeler.c
/bin/Desktop/argus-3.0.0/argus/ArgusModeler.h
/bin/Desktop/argus-3.0.0/argus/ArgusOutput.c
/bin/Desktop/argus-3.0.0/argus/ArgusOutput.h
/bin/Desktop/argus-3.0.0/argus/ArgusSource.c
/bin/Desktop/argus-3.0.0/argus/ArgusSource.h
/bin/Desktop/argus-3.0.0/argus/ArgusTcp.c
/bin/Desktop/argus-3.0.0/argus/ArgusUdp.c
/bin/Desktop/argus-3.0.0/argus/ArgusUtil.c
/bin/Desktop/argus-3.0.0/argus/ArgusUtil.h
/bin/Desktop/argus-3.0.0/argus/argus.c
/bin/Desktop/argus-3.0.0/argus/argus.h
/bin/Desktop/argus-3.0.0/bin/argusbug
/bin/Desktop/argus-3.0.0/common/argus_auth.c
/bin/Desktop/argus-3.0.0/common/argus_code.c
/bin/Desktop/argus-3.0.0/common/argus_filter.c
/bin/Desktop/argus-3.0.0/common/argus_util.c
/bin/Desktop/argus-3.0.0/include/argus-namedb.h
/bin/Desktop/argus-3.0.0/include/argus_client.h
/bin/Desktop/argus-3.0.0/include/argus_code.h
/bin/Desktop/argus-3.0.0/include/argus_def.h
/bin/Desktop/argus-3.0.0/include/argus_def_v2.h
/bin/Desktop/argus-3.0.0/include/argus_ethertype.h
/bin/Desktop/argus-3.0.0/include/argus_filter.h
/bin/Desktop/argus-3.0.0/include/argus_gmpls.h
/bin/Desktop/argus-3.0.0/include/argus_gre.h
/bin/Desktop/argus-3.0.0/include/argus_int.h
/bin/Desktop/argus-3.0.0/include/argus_llc.h
/bin/Desktop/argus-3.0.0/include/argus_namedb.h
/bin/Desktop/argus-3.0.0/include/argus_os.h
/bin/Desktop/argus-3.0.0/include/argus_out.h
/bin/Desktop/argus-3.0.0/include/argus_parse.h
/bin/Desktop/argus-3.0.0/include/argus_parser.h
/bin/Desktop/argus-3.0.0/include/argus_util.h
/bin/Desktop/argus-3.0.0/include/argus_v3_def.h
/bin/Desktop/argus-3.0.0/lib/argus.spec
/bin/Desktop/argus-3.0.0/man/man5/argus.conf.5
/bin/Desktop/argus-3.0.0/man/man8/argus.8
/bin/Desktop/argus-3.0.0/support/Archive/argusarchive
/bin/Desktop/argus-3.0.0/support/Config/argus.conf
/bin/Desktop/argus-3.0.0/support/Startup/argus
/bin/Desktop/argus-clients-3.0.0/bin/argusbug
/bin/Desktop/argus-clients-3.0.0/common/argus_auth.c
/bin/Desktop/argus-clients-3.0.0/common/argus_client.c
/bin/Desktop/argus-clients-3.0.0/common/argus_code.c
/bin/Desktop/argus-clients-3.0.0/common/argus_debug.h
/bin/Desktop/argus-clients-3.0.0/common/argus_event.c
/bin/Desktop/argus-clients-3.0.0/common/argus_filter.c
/bin/Desktop/argus-clients-3.0.0/common/argus_main.c
/bin/Desktop/argus-clients-3.0.0/common/argus_parser.c
/bin/Desktop/argus-clients-3.0.0/common/argus_util.c
/bin/Desktop/argus-clients-3.0.0/include/argus_8021q.h
/bin/Desktop/argus-clients-3.0.0/include/argus_client.h
/bin/Desktop/argus-clients-3.0.0/include/argus_cluster.h
/bin/Desktop/argus-clients-3.0.0/include/argus_debug.h
/bin/Desktop/argus-clients-3.0.0/include/argus_def.h
/bin/Desktop/argus-clients-3.0.0/include/argus_ethertype.h
/bin/Desktop/argus-clients-3.0.0/include/argus_event.h
/bin/Desktop/argus-clients-3.0.0/include/argus_filter.h
/bin/Desktop/argus-clients-3.0.0/include/argus_gmpls.h
/bin/Desktop/argus-clients-3.0.0/include/argus_histo.h
/bin/Desktop/argus-clients-3.0.0/include/argus_int.h
/bin/Desktop/argus-clients-3.0.0/include/argus_labeler.h
/bin/Desktop/argus-clients-3.0.0/include/argus_llc.h
/bin/Desktop/argus-clients-3.0.0/include/argus_main.h
/bin/Desktop/argus-clients-3.0.0/include/argus_metric.h
/bin/Desktop/argus-clients-3.0.0/include/argus_namedb.h
/bin/Desktop/argus-clients-3.0.0/include/argus_oids.h
/bin/Desktop/argus-clients-3.0.0/include/argus_os.h
/bin/Desktop/argus-clients-3.0.0/include/argus_out.h
/bin/Desktop/argus-clients-3.0.0/include/argus_parser.h
/bin/Desktop/argus-clients-3.0.0/include/argus_sort.h
/bin/Desktop/argus-clients-3.0.0/include/argus_util.h
/bin/Desktop/argus-clients-3.0.0/lib/argus-clients.spec
/etc/argus.conf
/etc/default/argus-server
/etc/init.d/argus-server
/etc/logrotate.d/argus-server
/etc/ppp/ip-down.d/argus-server
/etc/ppp/ip-up.d/argus-server
/etc/rc0.d/K20argus-server
/etc/rc1.d/K20argus-server
/etc/rc2.d/S20argus-server
/etc/rc3.d/S20argus-server
/etc/rc4.d/S20argus-server
/etc/rc5.d/S20argus-server
/etc/rc6.d/K20argus-server
/home/me/Desktop/man_argus
/home/me/Desktop/man_argus/argusconf.txt
/home/me/Desktop/man_argus/infoargus.txt
/home/me/Desktop/man_argus/manargus.txt
/usr/local/argus
/usr/local/bin/argusbug
/usr/sbin/argus
/usr/share/doc/argus-server
/usr/share/doc/argus-server/html/argus.5.html
/usr/share/doc/argus-server/html/argus.8.html
/usr/share/doc/argus-server/html/argus.conf.5.html
/usr/share/doc/argus-server/support/Archive/argusarchive
/usr/share/doc/argus-server/support/Config/argus.conf.gz
/usr/share/doc/argus-server/support/Startup/argus
/usr/share/lintian/overrides/argus-server
/usr/share/man/man5/argus.5.gz
/usr/share/man/man5/argus.conf.5.gz
/usr/share/man/man8/argus.8.gz
/usr/share/man/man8/argus_linux.8.gz
/var/cache/apt/archives/argus-client_2.0.6.fixes.1-3_i386.deb
/var/cache/apt/archives/argus-server_1%3a2.0.6.fixes.1-14_i386.deb
/var/lib/dpkg/info/argus-server.conffiles
/var/lib/dpkg/info/argus-server.config
/var/lib/dpkg/info/argus-server.list
/var/lib/dpkg/info/argus-server.md5sums
/var/lib/dpkg/info/argus-server.postinst
/var/lib/dpkg/info/argus-server.postrm
/var/lib/dpkg/info/argus-server.prerm
/var/lib/dpkg/info/argus-server.templates
/var/log/argus
 
Old 11-02-2009, 10:18 AM   #4
AngTheo789
Member
 
Registered: Sep 2009
Posts: 110

Rep: Reputation: 24
Your application is in /usr/sbin/argus

If you plan on running Argus as a system daemon, then you should install an argus configuration file as /etc/argus.conf. This provides a single point of configuration for argus as a system daemon. A sample is provided in ./support/Config/argus.conf.
# cp ./support/Config/argus.conf /etc/argus.conf
# chmod 600 /etc/argus.conf

If everything is installed properly, and the /etc/argus.conf file is configured correctly, all you need to run argus is:
# argus

When run as a user program, if you intend to read packets from a live interface, you will need to have root privledges to either open the device, or to put the interface in promiscuous mode.
 
Old 11-02-2009, 02:30 PM   #5
Kayone
LQ Newbie
 
Registered: Oct 2009
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by AngTheo789 View Post
Your application is in /usr/sbin/argus

If you plan on running Argus as a system daemon, then you should install an argus configuration file as /etc/argus.conf. This provides a single point of configuration for argus as a system daemon. A sample is provided in ./support/Config/argus.conf.
# cp ./support/Config/argus.conf /etc/argus.conf
# chmod 600 /etc/argus.conf

If everything is installed properly, and the /etc/argus.conf file is configured correctly, all you need to run argus is:
# argus

When run as a user program, if you intend to read packets from a live interface, you will need to have root privledges to either open the device, or to put the interface in promiscuous mode.
((((((((((((*************** This is where I have gotten so far************** )))))))))))))))))))))))

I have gotten this far since the stuff I posted below. This kinda has the functionality I would like (or at least I think this is what I am going for)

sudo argus -r slammer -w - | ra -n

I mean, I am eventually going to try to get to the point to where this is going to be added to a SQL database (wishful thinking).

To the best of my understanding, this line is:

sudo: Giving me permissions to run the program

argus: telling the argus program to run

-r: Says it is reading from tcpdump (basically lets it know that slammer is a pcap file that I got from a tcpdump output)

slammer: This is the file I am running argus against. Argus is natively designed to be a promiscuous sniffer and create netflow metadata based on that . Since I already have my collection center running tcpdump, and my primary focus is on the packet data, I didn't want to over burden my sensor. I want to process the data somewhere else. I decided to create netflow data based purely off the packet data so I could see the big picture. Eventually I will use this for other purposes as well.

-w -: This creates an output file. You will notice that my output file is a dash (-). This makes the output/results of my process print to my screen (stdout). I am only using this for testing purposes. This will definitely change.

((((((((((((************ This is where I have given up at this time************ ))))))))))))))))))))


I am trying to have Argus read PCAP files from a directory. I assume you would only run the argus daemon if you were sniffing traffic live? If that is the case, do I even need to configure anything?

Basically, I want to create a script that will make readable netflow data out of a whole directory full of pcap files. I will want argus to only run when the script is ran.

Also, I gave up on installing the newer version. I just installed from http://packages.debian.org/lenny/i38...erver/download. It appears that this works.

There are a few questions I have though:

argus -r ./packetfile

When looking at the man pages, it says -r Read from tcpdump(1) , snoop(1) or NLANR’s Moat Time Sequence Header (tsh) packet capture files. If the packet capture file is a tsh format file, then the -t option must also be used. Argus will read from only one input packet file at a time. If the -r option is specified, argus will not put down a listen(2) to support remote access.


http://web.archive.org/web/200801191...s/how-to.htm#3

When I tried to do this, it kicked back my shell as if it were successful. The problem is, I think this isn't doing what I need it to do (if it is doing anything at all). Maybe I am missing the big picture.

As a test, I have a pcap file called slammer on my Desktop. I changed directories to my Desktop and then I typed "argus -r ./slammer".

I am assuming that this is telling argus to keep an eye on that file by running as a persistent daemon? It is keeping the results in virtual memory until I pull out the data through a program like ra?

In theory, I would like to make argus read through a directory of pcap files and output all of the metadata so I could read all of the IP addresses/ports/etc that were associated.

Is there any way I can make argus read the data and output the information in a file that I can read or do I need to run a bunch of separate commands to do that? I don't need to read packets from a network interface.

Last edited by Kayone; 11-02-2009 at 03:25 PM.
 
Old 11-09-2009, 03:32 PM   #6
Kayone
LQ Newbie
 
Registered: Oct 2009
Posts: 6

Original Poster
Rep: Reputation: 0
Well.. I found one of my problems. If you are unable to use the ra commands (ramon, rasql, rasqlinsert, ragraph, etc), you may be having the same issue I had.

I had a conflicting configuration file that stuck around from Argus 2.
I am currently using Argus 3.

All I did to fix this is move /etc/ra.conf to my desktop. This file was the one creating the conflict. If anyone else is having this issue, the semi-official answer can be found here:

http://article.gmane.org/gmane.network.argus/5671

I am still not sure why the repos don't work properly (possibly something to with defining $ARGUSHOME but I didn't fully understand the problem). I am also not sure why my original Argus 3 sources wouldn't install properly. I got a friend to give me a working copy. I have moved on with trying to figure that one out.

I hope I help someone. If not, o-well.

Now I have to figure out how to get rasql to work. I just pray that I don't have any more issues like I have been. I have spent the last 2 weeks trying to get this done. I guess I have to learn somehow.

Last edited by Kayone; 11-09-2009 at 03:40 PM.
 
Old 11-09-2009, 11:03 PM   #7
lugoteehalt
Senior Member
 
Registered: Sep 2003
Location: UK
Distribution: Debian
Posts: 1,215
Blog Entries: 2

Rep: Reputation: 49
Congrats, if you've got it vaugly sorted.
 
Old 11-10-2009, 07:09 PM   #8
chellyaz
Argus Maintainer
 
Registered: Nov 2009
Posts: 2

Rep: Reputation: 0
If you are having argus problems, don't hesitate to send email either to the argus mailing list, which you can join
from http://qosient.com/argus/mailinglists.htm, or send email directly to me, carter@qosient.com.

First, grab the newest version of argus from the web site http://qosient.com/argus, argus-3.0.2 both argus
and the clients packages. Processing packets using argus is very simple and you're on track. Try to stick with
libpcap formatted packet files, as they are the easiest to work with.

argus -r packet.file -w output.file

or

argus -r packet.file -w - | ra

This will generate some output, if not you've got some basic problems but the README and INSTALL should
clear up most of the problems. argus without an output will not generate any data, but it will process the
packets. Its a kind of debug mode.

If you are having problems you don't understand, ./configure and make argus and the clients with a .debug
file in the root directory. That will turn on debugging, and you can print out a lot of stuff with the "-D <num>"
option. Increasing numbers increase the amount of information.

rasqlinsert() is the program you want to focus on, and there is quite a bit of information for it in the argus
mailing list archive. http://news.gmane.org/gmane.network.argus. This reference is a particuallary
good entry for database stuffing.

http://article.gmane.org/gmane.network.argus/6954

Don't hesitate to send me email if you have any problems!!!

Carter
 
Old 11-19-2009, 08:47 AM   #9
Kayone
LQ Newbie
 
Registered: Oct 2009
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by lugoteehalt View Post
Congrats, if you've got it vaugly sorted.
Thanks

I am moving forward finally which is better than going no where.
 
Old 11-19-2009, 08:55 AM   #10
Kayone
LQ Newbie
 
Registered: Oct 2009
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by chellyaz View Post
If you are having argus problems, don't hesitate to send email either to the argus mailing list, which you can join
from http://qosient.com/argus/mailinglists.htm, or send email directly to me, carter@qosient.com.

First, grab the newest version of argus from the web site http://qosient.com/argus, argus-3.0.2 both argus
and the clients packages. Processing packets using argus is very simple and you're on track. Try to stick with
libpcap formatted packet files, as they are the easiest to work with.

argus -r packet.file -w output.file

or

argus -r packet.file -w - | ra

This will generate some output, if not you've got some basic problems but the README and INSTALL should
clear up most of the problems. argus without an output will not generate any data, but it will process the
packets. Its a kind of debug mode.

If you are having problems you don't understand, ./configure and make argus and the clients with a .debug
file in the root directory. That will turn on debugging, and you can print out a lot of stuff with the "-D <num>"
option. Increasing numbers increase the amount of information.

rasqlinsert() is the program you want to focus on, and there is quite a bit of information for it in the argus
mailing list archive. http://news.gmane.org/gmane.network.argus. This reference is a particuallary
good entry for database stuffing.

http://article.gmane.org/gmane.network.argus/6954

Don't hesitate to send me email if you have any problems!!!

Carter

Hey Carter,

Thank you for all of your help.

I actually took that route once I got everything installed. I am trying to work through my rasqlinsert requirements as we speak (with the help of the mailing list). Its a deep learning curve for me but you have been more than generous along the way. Thank you for everything; namely your patience
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem installing argus hazdingo Linux - Software 4 01-21-2009 11:35 AM
Repeated Disk Failure Question bercikr Linux - Hardware 2 11-25-2008 06:52 PM
Seven hours, and still not installed properly snurfle Linux - Newbie 27 06-06-2006 07:35 AM
LXer: Argus Systems Group Announces an MLS Linux Kernel LXer Syndicated Linux News 0 04-25-2006 06:03 PM
font not installed properly mw55309 Linux - Newbie 0 08-14-2003 05:39 AM


All times are GMT -5. The time now is 08:49 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration