Saturday, July 21, 2007

Argus: Development Testing

I think many of you have heard about argus from my previous blog post. Here's how I maintained my argus installation in my testing environment on the FreeBSD platform.

Installing argus server -

shell>wget ftp://qosient.com/dev/argus-3.0/argus-3.0.0.tar.gz

shell>tar xvzf argus-3.0.0.tar.gz

shell>cd argus-3.0.0

shell>./configure --prefix=/usr/local/stow/argus3

shell>make && make install

shell>mv /usr/local/stow/argus3/bin/argusbug /usr/local/stow/argus3/

Installing argus client -

shell>wget ftp://qosient.com/dev/argus-3.0/argus-clients-3.0.0.rc.45.tar.gz

shell>tar xvzf argus-clients-3.0.0.rc.45.tar.gz

shell>cd argus-clients-3.0.0.rc.45

shell>./configure --prefix=/usr/local/stow/argusc-3rc45

shell>make && make install

I have mentioned the usage of stow previously; it makes handling source installations easy.

shell>cd /usr/local/stow

shell>stow argus3

shell>stow argusc-3rc45

If a new version of argus is released, you can just unstow and remove all the argus files from /usr/local/stow, then install the new version using the same steps above and you are done. If you want to try out argus 3, just download HeXtra here and load it into the HeX liveCD.
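The same steps, wrapped as an added example (not code from the original post): each argus build is configured into its own /usr/local/stow/<name> tree and then stowed, and the upgrade path is the unstow, remove, stow sequence described above. It assumes GNU stow, wget and a build toolchain are present; STOW_DIR, ARGUS_SHA256 and the function names are my own, and the argusbug move from the post is left out.

```shell
#!/bin/sh
# Added example, not from the original post. Builds argus into a stow tree
# and swaps versions. ARGUS_SHA256 is an optional digest you supply for the
# tarball (placeholder name; the post gives no digest).
set -eu

STOW_DIR="${STOW_DIR:-/usr/local/stow}"

# Derive the stow package name from a tarball URL or path:
# ".../argus-clients-3.0.0.rc.45.tar.gz" -> "argus-clients-3.0.0.rc.45"
stow_name_from_tarball() {
    name=$(basename "$1")
    name="${name%.tar.gz}"
    name="${name%.tgz}"
    printf '%s\n' "$name"
}

# Refuse to build a tarball whose digest differs from the one you expected.
# Returns 0 when no digest is configured (check skipped) or when it matches.
verify_tarball() {
    tarball=$1; expected=${2:-}
    [ -n "$expected" ] || return 0
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$tarball" | cut -d' ' -f1)
    else
        actual=$(sha256 -q "$tarball")        # FreeBSD spelling of the tool
    fi
    [ "$actual" = "$expected" ]
}

# Fetch, verify, build into its own stow tree, then stow it into /usr/local.
argus_stow_install() {
    url=$1
    name=$(stow_name_from_tarball "$url")
    tarball=$(basename "$url")
    wget -O "$tarball" "$url"
    verify_tarball "$tarball" "${ARGUS_SHA256:-}" \
        || { echo "digest mismatch: $tarball" >&2; return 1; }
    tar xzf "$tarball"
    ( cd "$name" && ./configure --prefix="$STOW_DIR/$name" && make && make install )
    ( cd "$STOW_DIR" && stow "$name" )
}

# Upgrade path from the post: unstow the old tree, remove it, stow the new one.
argus_stow_replace() {
    old=$1; new=$2
    ( cd "$STOW_DIR" && stow -D "$old" && rm -rf "./$old" && stow "$new" )
}
```

Typical use: argus_stow_install ftp://qosient.com/dev/argus-3.0/argus-3.0.0.tar.gz, and later argus_stow_replace argus-3.0.0 argus-3.0.1 once the newer tree is built.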

2 comments:

Enis K. said...

Hi,
Thanks for sharing knowledge.
I want to ask a question.

Is there a file format change from "argus 2" to "argus 3"? I mean, can we use argus3 tools like racluster with data collected by argus2 clients? Can we say that it is without errors?

And I encountered compilation problems on Ubuntu server and couldn't solve them. It is interesting that I have another Ubuntu box with argus3 working.
Do you recommend using FreeBSD for flow analysis?

C.S.Lee said...

Hi enisk,

Sorry for the late reply!

Yes, there are file format changes between argus 2 and argus 3, but argus3 has backward compatibility where it can read argus 2 file.

I used to compile argus 3 on Ubuntu; it should work out of the box (I haven't tried argus 2 on Ubuntu). May I know what the errors are?

Any open source OS will do fine; however, my preference is always FreeBSD because of its amazing network stack and performance. I normally use FBSD for flow analysis, and that's why we have the HeX liveCD.

We are currently starting development on our Monitor/Sensor project, where you can easily configure an IDS/flow monitor without much hassle, but it is still a long development and we are currently looking for more contributors.

Cheers ;]