What is Argus?
Argus processes packet data and generates summary network flow data. If you have packets, and want to know something about whats going on, argus() is a great way of looking at aspects of the data that you can't readily get from packet analyzers. How many hosts are talking, who is talking to whom, how often, is one address sending all the traffic, are they doing the bad thing? Argus is designed to generate network flow status information that can answer these and a lot more questions that you might have.
http://www.qosient.com/argus/gettingstarted.htm
http://www.qosient.com/argus/index.htm
My System:OS X 10.6.2
Current Argus Version:
Argus 3.0.2
Argus Clients 3.0.2
Getting Argus:
Macports Argus isn't up to date so I downloaded the source and followed the instructions for the most part.
Download Argus and Argus Clients
http://www.qosient.com/argus/downloads.htm
Dependencies:
I installed a few of the dependencies with macports.
sudo port install libpcap
sudo port install bison
sudo port install flex
tcp_wrappers is already installed on my system. I tried to install it with macports but it failed so I didn't try to fix the macports version and stayed with the OS X installation.
At the time I couldn't figure out what version of libpcap was installed on my OS X system so I installed it with macports. For future reference tcpdump -V will print the version of tcpdump and libpcap installed. My OS X installation has tcpdump version 4 and libpcap version 1 installed. Now I also have macports libpcap version 1 installed which supersedes the OS X installation in my path.
Bison was already installed on my system but the version was older so I installed a newer version with macports.
Flex was already installed on my system but I had already installed bison with macports so I decided to install flex with macports too. Probably not necessary that's just the way I did it.
Configure and Install Argus:
cd ~/bin/argus-3.0.2/
./configure
make
sudo make install
Argus installed successfully.
In hindsight I'm pretty sure all the dependencies I installed with macports were unnecessary. In Mac OS X 10.6.2 Argus will probably configure without installing or updating any additional software dependencies.
No comments:
Post a Comment