I'm currently working hard on network flow analysis stuff, and argus is always my best friend. Another wonderful application suite is silktools and I think you should try it out if you are into network flow analysis. Anyway here's the quick installation for upcoming argus 3 on Ubuntu 7.10.
It is pretty straightforward to get argus 3 installed. First, install its dependencies:
shell>sudo apt-get install libpcap0.8 libpcap0.8-dev flex bison rrdtool
Once you have installed all the dependencies of argus 3, let's download the argus 3 server and its client suite.
shell>wget ftp://qosient.com/dev/argus-3.0/argus-3.0.0.tar.gz
shell>wget \
ftp://qosient.com/dev/argus-3.0/argus-clients-3.0.0.rc.63.tar.gz
Once you have downloaded them, you just need to perform the usual compilation steps for each: decompress the tarball, then run configure; make && make install.
And if you still don't know what argus is about, check out this post.
P/S: Both argus and silktools are included in the HeX liveCD.
Enjoy ;]
2 comments:
I've been working with Ubuntu and Argus and found the following settings to be very helpful for dealing with missed packets.
sysctl -w net.core.rmem_max=33554432
sysctl -w net.core.rmem_default=33554432
sysctl -w net.core.netdev_max_backlog=10000
And add them to /etc/sysctl.conf too.
I got these settings from "http://www.net.t-labs.tu-berlin.de/research/hppc/" on the recommendation from some Bro presentations. Before these changes, Argus MAN records were reporting a regular amount of dropped packets.
Hi esteban,
Yeah, those are very useful tips for tuning. In fact you can check out the NSM wiki here too -
http://www.vorant.com/nsmwiki/Performance
Yes, argus management record is great to monitor the health of it!
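An added example, not part of the original post or its comments: a POSIX shell check that the three settings from the first comment are persisted in a sysctl.conf-style file, plus a count of backlog drops read from /proc/net/softnet_stat-format input. The function names and the sample data in demo are constructed for illustration, and the softnet_stat check is an assumption that goes beyond the comment, which only mentions Argus MAN records.

```shell
#!/bin/sh
# Minimums taken from the comment above (key=value).
RECOMMENDED='net.core.rmem_max=33554432
net.core.rmem_default=33554432
net.core.netdev_max_backlog=10000'

# conf_value FILE KEY: print the last value assigned to KEY in a
# sysctl.conf-style file (comments and whitespace ignored), or nothing.
conf_value() {
    sed -e 's/[#;].*//' -e 's/[[:space:]]//g' "$1" |
        awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }'
}

# check_conf FILE: print OK / LOW / MISSING for each recommended key.
# MISSING also covers a non-numeric value. Returns 1 if any key is not OK.
check_conf() {
    rc=0
    for pair in $RECOMMENDED; do
        key=${pair%%=*}; want=${pair#*=}
        have=$(conf_value "$1" "$key")
        case $have in
            ''|*[!0-9]*) echo "MISSING $key (want >= $want)"; rc=1; continue ;;
        esac
        if [ "$have" -lt "$want" ]; then
            echo "LOW     $key=$have (want >= $want)"; rc=1
        else
            echo "OK      $key=$have"
        fi
    done
    return $rc
}

# backlog_drops FILE: sum column 2 of softnet_stat-format input (one line per
# CPU, hex fields). That column counts packets dropped because the per-CPU
# input queue had already reached netdev_max_backlog.
backlog_drops() {
    total=0
    while read -r _processed dropped _rest; do
        total=$((total + 0x$dropped))
    done < "$1"
    echo "$total"
}

# demo: run both checks on constructed sample data (not from a real host).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'net.core.rmem_max = 33554432' '#net.core.rmem_default=33554432' > "$d/conf"
    printf '%s\n' '0000a1b2 00000003 00000001' '00001234 0000000a 00000000' > "$d/softnet"
    check_conf "$d/conf" || true; echo "backlog drops: $(backlog_drops "$d/softnet")"
    rm -rf "$d"
}
```

On a sensor, source the file and run check_conf /etc/sysctl.conf and backlog_drops /proc/net/softnet_stat; a drop count that keeps growing between runs means the backlog limit is still being hit.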