Carter Bullard | 4 May 2001 15:33

RE: Cisco Access Lists Feature in 2.0.0?

Hey Olaf,
   Yes, we removed the -C support from basic ra, with
the intention of putting it into a separate client.
Unfortunately, I haven't gotten to it yet, so the new
client doesn't exist, yet.

   Now that you've reminded me that I need to do this ;o)
creating this client is straightforward, and I can put
together a first shot from the 1.8.1 ra() -C support code.
I guess what is needed is testing, and a review of the basic
Cisco filter language.  The Cisco filter language that
the 1.8.1 ra() supported was really old (> 3-4 years ago)
and so if there are any changes, we'll want to make the
additions.

   Let me put together the first implementation of the
client today, and I'll try to have something to you by
Monday.

Carter  

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter <at> qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com

> -----Original Message-----
> From: argus-announce-owner <at> qosient.com
> [mailto:argus-announce-owner <at> qosient.com]On Behalf Of Olaf Gellert
> Sent: Wednesday, May 02, 2001 11:27 AM
> To: argus-announce <at> qosient.com
> Subject: Cisco Access Lists Feature in 2.0.0?
>
>
> Hi there,
>
> I just looked through the 2.0.0 version of argus and
> I am missing the old "ra -C" feature for checking the
> log against Cisco Access Lists. In a mail on the list
> it was said that this feature will be moved into
> some special client. Does this client already exist?
> If not, which features of ra do you find useful for
> this task? Any suggestions? Maybe I find some time to
> do this...
>
> Olaf
>
> --
> Olaf Gellert                           mailto:gellert <at> pca.dfn.de
> ----------------------------------------------------------------
> DFN-PCA:                    Eine Arbeitsgruppe der DFN-CERT GmbH
> Oberstr. 14b                              http://www.pca.dfn.de/
> D-20144 Hamburg, Germany           +49.40.808077-555 / Fax: -556
>
>
>
>

argus-announce-admin | 4 May 2001 15:46

[argus-announce] Argus-2.0.1 Released

Gentle people,
   Argus-2.0.1 has been released and is available from the
web site at http://qosient.com/argus/downloads.htm.  This
version of argus addresses many issues relating to argus
being used in heavily loaded networks, and so 2.0.1 provides
a significant improvement in performance and reliability.

Argus-2.0.1 also has many bug fixes for argus-2.0.0, so even
if you're simply analyzing curious packet capture files,
argus-2.0.1 will have some improvements for you.

Argus-2.0.1 is fully backward compatible, so no problem with
your argus-2.0.0 data.  Please download argus-2.0.1 at your
convenience.

Thanks and have a great weekend!

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter <at> qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com

Chris Newton | 4 May 2001 19:52

Compile problems? Argus-2.0.1 Released

Hi Carter.  Two things.  First, I believe you left the .debug and .devel files 
in this release tar ball.

  Second, I can't get argus to compile on a redhat 7.1 box.   Here is the 
output of make:

[root <at> epic argus-2.0.1]# make
making in common
make[1]: Entering directory `/usr/local/nva/src/argus-2.0.1/common'
gcc -O -I. -I../include -I../include/linux-include -DHAVE_MALLOC_H=1 -DHAVE_ETHER_HOSTTON=1 -DHAVE_STRERROR=1 -DHAVE_NET_IF_ARP_H=1 -DARGUS_SYSLOG=1 -c ./argus_parse.c
In file included from ../include/linux-include/netinet/if_ether.h:19,
                 from ../include/argus_out.h:55,
                 from ../include/argus_parse.h:55,
                 from ./argus_parse.c:122:
../include/linux-include/net/if_arp.h:43:9: warning: extra tokens at end of #endif directive
./argus_parse.c:631:8: warning: extra tokens at end of #endif directive
./argus_parse.c:838:8: warning: extra tokens at end of #endif directive
./argus_parse.c:874:8: warning: extra tokens at end of #endif directive
./argus_parse.c:911:8: warning: extra tokens at end of #endif directive
./argus_parse.c:972:8: warning: extra tokens at end of #endif directive
./argus_parse.c:1165:11: warning: extra tokens at end of #endif directive
./argus_parse.c:1240:8: warning: extra tokens at end of #endif directive
./argus_parse.c:1277:8: warning: extra tokens at end of #endif directive
./argus_parse.c:1299:8: warning: extra tokens at end of #endif directive
./argus_parse.c:1312:8: warning: extra tokens at end of #endif directive
./argus_parse.c:1437:8: warning: extra tokens at end of #endif directive
./argus_parse.c:1676:8: warning: extra tokens at end of #endif directive
./argus_parse.c:1887:8: warning: extra tokens at end of #endif directive
./argus_parse.c: In function `argus_parse_init':
./argus_parse.c:161: warning: assignment makes pointer from integer without a cast
./argus_parse.c: In function `main':
./argus_parse.c:264: warning: assignment makes pointer from integer without a cast
./argus_parse.c:265: dereferencing pointer to incomplete type
./argus_parse.c: In function `check_time':
./argus_parse.c:2112: storage size of `tmbuf' isn't known
./argus_parse.c:2134: warning: assignment makes pointer from integer without a cast
./argus_parse.c:2135: sizeof applied to an incomplete type
./argus_parse.c:2137: sizeof applied to an incomplete type
./argus_parse.c:2139: warning: assignment makes pointer from integer without a cast
./argus_parse.c:2140: sizeof applied to an incomplete type
./argus_parse.c:2142: sizeof applied to an incomplete type
./argus_parse.c:2150: warning: assignment makes pointer from integer without a cast
./argus_parse.c:2151: dereferencing pointer to incomplete type
./argus_parse.c:2151: invalid use of undefined type `struct tm'
./argus_parse.c:2152: sizeof applied to an incomplete type
./argus_parse.c: In function `check_time_format':
./argus_parse.c:2314: sizeof applied to an incomplete type
./argus_parse.c:2316: invalid use of undefined type `struct tm'
./argus_parse.c:2317: invalid use of undefined type `struct tm'
./argus_parse.c:2318: invalid use of undefined type `struct tm'
./argus_parse.c:2319: invalid use of undefined type `struct tm'
./argus_parse.c:2320: invalid use of undefined type `struct tm'
./argus_parse.c:2321: invalid use of undefined type `struct tm'
./argus_parse.c: In function `parseTime':
./argus_parse.c:2351: sizeof applied to an incomplete type
./argus_parse.c:2381: dereferencing pointer to incomplete type
./argus_parse.c:2390: dereferencing pointer to incomplete type
./argus_parse.c:2400: dereferencing pointer to incomplete type
./argus_parse.c:2433: dereferencing pointer to incomplete type
./argus_parse.c:2434: dereferencing pointer to incomplete type
./argus_parse.c:2435: dereferencing pointer to incomplete type
./argus_parse.c:2442: dereferencing pointer to incomplete type
./argus_parse.c:2444: dereferencing pointer to incomplete type
./argus_parse.c:2444: dereferencing pointer to incomplete type
./argus_parse.c:2446: dereferencing pointer to incomplete type
./argus_parse.c:2446: dereferencing pointer to incomplete type
./argus_parse.c:2448: dereferencing pointer to incomplete type
./argus_parse.c:2448: dereferencing pointer to incomplete type
./argus_parse.c:2450: dereferencing pointer to incomplete type
./argus_parse.c:2450: dereferencing pointer to incomplete type
./argus_parse.c:2452: dereferencing pointer to incomplete type
./argus_parse.c:2452: dereferencing pointer to incomplete type
./argus_parse.c:2457: warning: assignment makes pointer from integer without a cast
../include/argus_parse.h:169: storage size of `tm_lasttime' isn't known
../include/argus_parse.h:170: storage size of `tm_startime' isn't known
../include/argus_parse.h:172: storage size of `starTimeFilter' isn't known
../include/argus_parse.h:173: storage size of `lastTimeFilter' isn't known
make[1]: *** [argus_parse.o] Error 1
make[1]: Leaving directory `/usr/local/nva/src/argus-2.0.1/common'
making in clients
make[1]: Entering directory `/usr/local/nva/src/argus-2.0.1/clients'
make[1]: *** No rule to make target `../lib/argus_parse.a', needed by `../bin/ra'.  Stop.
make[1]: Leaving directory `/usr/local/nva/src/argus-2.0.1/clients'
[root <at> epic argus-2.0.1]#

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

Chris Newton, Systems Analyst
Computing Services, University of New Brunswick
newton <at> unb.ca 506-447-3212(voice) 506-453-3590(fax)

Peter Van Epp | 4 May 2001 20:13

Re: Compile problems? Argus-2.0.1 Released

> 
> Hi Carter.  Two things.  First, I believe you left the .debug and .devel files 
> in this release tar ball.
> 

	Yep, they appear to be there.

>   Second, I can't get argus to compile on a redhat 7.1 box.   Here is the 
> output of make:
> <snip>

	Compiles fine on FreeBSD 4.2 RELEASE (I have 4.3-RELEASE but haven't
tried it yet but I wouldn't expect a problem given 4.2 works).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

Scott A. McIntyre | 4 May 2001 20:16

ramon, ragator, flows and networks.

Hi,

I have an interest in figuring out, per subnet, the top "talkers" to
other subnets.  In order to do some network provisioning, we're looking
to find the most active (in terms of traffic sent/received) networks
that are talking to certain specific subnets of ours.

Is this something that argus can do?  It seems like the rough plumbing
for it is definitely there, and in the case of ragator perhaps that's
the exact tool I need, but I'm not sure how to best go about creating a
flow model that generates the type of data I'm looking for.

My goal is to have a breakdown so that I get something similar to ramon
output, as so:

988847907     ip 192.168.15.0/24                 0        3689339   0 221692479   INT
988847926     ip 192.168.37.0/24                 94475    0 101755360    0           INT
988847926     ip 10.20.10.0/24                   0        94444     0 101753470   INT

With each of those addresses being networks sending or receiving data to
certain target networks of ours.

Any hints would be appreciated!

Scott

Peter Van Epp | 4 May 2001 20:25

Re: ramon, ragator, flows and networks.

	It can be done with perl running off ra output. Although I'm currently
only using nets to identify scans rather than traffic (which I do by IP address)
the network (assuming class C subnet sizes) is broken off and it wouldn't be 
a problem to sort traffic by subnet.
	For instance this report (traffic and traffic by port) could be 
modified to be traffic by destination subnet easily:

142.58.101.24   total traffic: 328,174,671
           142.58.101.24    192.75.241.11   2049               0               0
           142.58.101.24     192.75.241.3   2049               0               0
           142.58.101.24    192.75.241.53  49153               0               0
           142.58.101.24     192.75.241.7   1524               0               0
           142.58.101.24    192.75.241.75  49257               0               0

	so this would become a single line of 

	142.58.101.24	   192.75.241				0 	0

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada
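
Added example, not part of the original messages or the Argus distribution: the per-subnet roll-up discussed in this exchange, sketched in Python rather than perl. The five-column record layout (source, destination, port, bytes each way), the sample records and the TARGETS network are constructed assumptions, not real ra output.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records, NOT real ra output. Assumed columns:
#   src_ip  dst_ip  dst_port  src_bytes  dst_bytes
SAMPLE = """\
192.168.15.7   10.1.2.20   80    1200   48000
192.168.15.9   10.1.2.21   25    300    900
192.168.37.4   10.1.2.20   443   94475  0
10.1.2.20      10.20.10.5  2049  500    7000
172.16.0.1     172.16.9.9  53    60     120
garbage line
"""

# Hypothetical "our" subnets whose peers we want ranked.
TARGETS = [ipaddress.ip_network("10.1.2.0/24")]


def subnet_of(addr, prefix=24):
    """Collapse a host address to its enclosing network (class C sized by default)."""
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def in_targets(addr, targets):
    return any(addr in net for net in targets)


def top_talkers(lines, targets, prefix=24):
    """Rank remote subnets by bytes exchanged with the target subnets.

    Returns (rows, skipped): rows are (remote_net, bytes_sent_by_remote,
    bytes_received_by_remote) sorted by total volume, and skipped counts
    lines that could not be parsed.
    """
    totals = defaultdict(lambda: [0, 0])
    skipped = 0
    for line in lines:
        fields = line.split()
        if not fields:
            continue
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
            src_bytes, dst_bytes = int(fields[3]), int(fields[4])
        except (ValueError, IndexError):
            skipped += 1          # malformed record: count it, keep going
            continue
        src_ours, dst_ours = in_targets(src, targets), in_targets(dst, targets)
        if src_ours == dst_ours:
            continue              # unrelated traffic, or internal to the targets
        if dst_ours:              # remote side initiated the flow
            remote, sent, received = subnet_of(src, prefix), src_bytes, dst_bytes
        else:                     # one of our hosts initiated the flow
            remote, sent, received = subnet_of(dst, prefix), dst_bytes, src_bytes
        totals[remote][0] += sent
        totals[remote][1] += received
    ranked = sorted(totals.items(), key=lambda kv: sum(kv[1]), reverse=True)
    return [(str(net), s, r) for net, (s, r) in ranked], skipped


if __name__ == "__main__":
    rows, skipped = top_talkers(SAMPLE.splitlines(), TARGETS)
    for net, sent, received in rows:
        print(f"{net:<20} {sent:>12} {received:>12}")
    print(f"skipped {skipped} unparseable line(s)")
```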

Carter Bullard | 4 May 2001 21:00

RE: Compile problems? Argus-2.0.1 Released

Hmmmmmm,
   I believe that this behavior is not standard C, which
should allow for comments at the end of #endif statements.
Have you got a switch turned on your compiler that's got
it in non-ANSI mode?

   This compiles great on RH 7.0.  I suspect that it's got
to be a compiler configuration issue.  Pretty interesting
since these comments have been in the code for 3-4 years
now.

   I've uploaded a new version that has the .debug and
.devel files removed.  I don't know what to do about
the #ifdef problems.


Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter <at> qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com


Carter Bullard | 4 May 2001 21:14

RE: Compile problems? Argus-2.0.1 Released

I just noticed that you were having problems finding
"struct timebuf".  RH 7.1 must be really screwed up.
Try putting this in ./include/compat.h to see if this
helps.

Index: compat.h
===================================================================
RCS file: /usr/local/cvsroot/argus/include/compat.h,v
retrieving revision 1.7.4.2
diff -r1.7.4.2 compat.h
83a84,87
> #if defined(linux)
> #include <time.h>
> #endif
>
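Review bot: The guard on the added include, "#if defined(linux)", tests a macro that GCC predefines only in its GNU dialects; a build with -ansi or a strict -std= setting defines __linux__ but not linux, so the include would silently drop out and the "struct tm" errors from the Red Hat 7.1 build would come back. Since <time.h> is a standard C header and safe to include more than once, consider including it unconditionally in compat.h, or at least testing __linux__ as well. A short comment noting that the include is there to provide struct tm for argus_parse.c and argus_parse.h would also help the next reader.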

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter <at> qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com


Carter Bullard | 5 May 2001 02:42

Re: argus-2.0.1

Gentle people,
   There was a little goof up this morning
with the distribution of argus-2.0.1, as .debug
and .devel files found their way into the distribution,
and there were some issues with regard to RH 7.1
errors.  The 2.0.1 version that is on the server is
hopefully now ready for prime time.  RH 7.1 will
still generate some warning messages (only OS to do that,
I wonder what they are up to).

   For those that may have downloaded today, if you were
making on anything but RH 7.1, there is no need
to download again.  You may want to reconfigure and remake
with the ./.debug and the ./.devel files removed, but
that is purely optional.

Thanks for all the responses!!!  If you do find problems,
please send mail!!!!

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter <at> qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com

  

Chris Newton | 5 May 2001 04:07

RE: argus-2.0.1

The new build seems to work well on redhat 7.1 now.  Ohh, and I have a new box 
:)  This one is a dual 800 MHz PIII with 512 MB...  Next week will arrive 
another, this one a dual gig PIII, with 1 GB ram and three 10K ultra160 
drives.  Should be able to do lots of processing on these boxes :)

Thanks Carter, great work!

Chris

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

Chris Newton, Systems Analyst
Computing Services, University of New Brunswick
newton <at> unb.ca 506-447-3212(voice) 506-453-3590(fax)
