AUDITING NETWORK ACTIVITY


To Do List

This is a list of features that we are either currently working on in the next release of argus and argus-clients or are things we are thinking about on the developers list. This is not at all a complete list of interesting things to do, and a lot of simple stuff is obviously missing, like Visualization, or Nagios integration, or SIM integration. Please feel free to comment and contribute to this list through the developers mailing list.

Argus[-clients]-3.0.4

The current list of formal efforts we will add to argus-3.0.3 is:

1. Better multi-core support for argus and radium, to improve performance and to support new emerging vendor technologies.

2. Improve archive management and performance. Investigate using technologies like Sector/Sphere to improve search queries against large amounts of flow data (we need partners for this).

3. Continue to add attributes to argus data to improve its ability to support Network Operations, Performance and Security management. In particular, add control plane flow monitoring and host based information elements, such as user and process identifiers, to flow data.

4. Introduce Mac OS X visualization and data management applications into the open source code base, and improve on our globe and our 3D visualization methods.

5. Improve and document what we've got.

These five items include the issues described below:

Full multi-threaded model for argus packet processing. This is designed to turn on a few more of your cores for flow processing.

Argus "events" modules. Provide support for argus to inject non-flow data/metrics into the argus data stream, such as SNMP MIB derived data or /dev/proc data (for machines that have /dev/proc). The purpose is to bring other data into the flow data stream for cross-dimensional correlation. The #1 goal is to provide a mechanism so that argus clients can get application information for the network flows that are being monitored. This is currently working very well at a number of test sites; however, we still need to work on client parsers for the data types that we report.

Wireless Argus. There are a huge number of operations, performance and security issues that can be addressed with better 802.11ABGN monitoring. Argus runs on laptops and wireless workstations, and on OpenWRT based wireless routers. This project will extend argus to provide radio control plane flows, to understand key exchanges, the emergence of new end systems, etc. Suggestions for tracking wireless hosts for operations, performance and security will be most welcome indeed.

Shared client libraries.