Installation of Argus in Ubuntu 12.04 (32/64 bit)

  • Step 1 – Install m4

Go to ftp://prep.ai.mit.edu/pub/gnu/m4/, download the newest version of M4 and install.

  • Step 2 – flex

Go to http://flex.sourceforge.net/, download the newest version of Flex and install.

  • Step 3 – bison

Go to ftp://prep.ai.mit.edu/pub/gnu/bison/, download the newest version of Bison and install.

  • Step 4 – Winpcap

Go to http://www.winpcap.org/devel.htm, download the SOURCE CODE and do the following:

Get into the directory “~/wpcap/winpcap/wpcap/libpcap”

chmod a+x configure

Then:

./configure
make
sudo make install
  • Step 5 – ncurses

To install ncurses in Ubuntu:

sudo apt-get install build-essential
sudo apt-get install libncurses5-dev

If Korean output is needed:

sudo apt-get install libncursesw5-dev
  • Step 6 – mysql

To install MySQL, run the following command from a terminal prompt:

sudo apt-get install mysql-server

During the installation process you will be prompted to enter a password for the MySQL root user.

Once the installation is complete, the MySQL server should be started automatically. You can run the following command from a terminal prompt to check whether the MySQL server is running:

sudo netstat -tap | grep mysql

When you run this command, you should see the following line or something similar:

tcp        0      0 localhost:mysql         *:*                LISTEN      2556/mysqld

If the server is not running correctly, you can type the following command to start it:

sudo service mysql restart

Install mysql-libs:

sudo apt-get install libmysqlclient-dev
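
The netstat check above only shows that mysqld is up. Because Step 8 also grants argusUser access from any host ('%'), it is worth confirming that the listener is bound to localhost only. The function below is an added example, not part of the original post; the name mysql_listen_scope and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Classify where mysqld is listening, from `netstat -tap` or `netstat -tanp`
# output read on stdin. Prints one of: down | local | exposed
mysql_listen_scope() {
    awk '
        # Only LISTEN sockets owned by mysqld are of interest.
        $6 == "LISTEN" && $NF ~ /\/mysqld$/ {
            found = 1
            addr = $4
            sub(/:[^:]*$/, "", addr)   # strip the trailing :port or :service
            # Anything that is not a loopback address counts as exposed
            # (for example "*", "0.0.0.0", "::" or a routable address).
            if (addr != "localhost" && addr != "127.0.0.1" &&
                addr != "::1" && addr != "[::1]" && addr != "ip6-localhost")
                exposed = 1
        }
        END {
            if (!found)       print "down"
            else if (exposed) print "exposed"
            else              print "local"
        }'
}

# Constructed sample lines; the first is the line shown in Step 6.
SAMPLE_LOCAL='tcp        0      0 localhost:mysql         *:*                LISTEN      2556/mysqld'
SAMPLE_EXPOSED='tcp        0      0 0.0.0.0:3306            0.0.0.0:*          LISTEN      2556/mysqld'

printf '%s\n' "$SAMPLE_LOCAL"   | mysql_listen_scope
printf '%s\n' "$SAMPLE_EXPOSED" | mysql_listen_scope

# Live check on the host:
#   sudo netstat -tanp | mysql_listen_scope
```

A result of "exposed" means the '%' account from Step 8 is reachable over the network, not just from the local machine.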
  • Step 7 – Argus

Download the Argus server and client from the download page: http://qosient.com/argus/index.shtml

Go to the Argus server and client directories and run the following commands in each:

[ Server Directory-“argus-3.0.6.1”,  Client Directory-“argus-clients-3.0.6.2”]

./configure
make
sudo make install
  • Step 8 – Set up mysql

Get into mysql:

mysql -u root -p
Enter password:

Create database:

create database argusData;

Create a new User:

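grant all on argusData.* to argusUser@localhost identified by 'argusPassword';
GRANT ALL PRIVILEGES ON argusData.* TO 'argusUser'@'%';
flush privileges;

Note: the second GRANT has no IDENTIFIED BY clause, so on a MySQL server that auto-creates accounts on GRANT, 'argusUser'@'%' is created with an empty password and matches connections from any host. The rasqlinsert commands below connect through localhost and only need the first grant.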

Start Argus Server:

Go to the “bin” Directory in Server folder, and

sudo ./argus -P 3434 -m

Start the Argus client and write the data received from the server side to the DB:

Go to the "bin" Directory in Server folder, and

./rasqlinsert -M cache -m none -S localhost:3434 -w mysql://argusUser:argusPassword@localhost/argusData/argusTable

[More Detailed Version of Insert:]

./rasqlinsert -M cache -m none -S localhost:3434 -w mysql://argusUser:argusPassword@localhost/argusData/argusTable6 \
-s +ltime +seq +dur +mean +stddev +smac +dmac +sum +min +max +soui +doui +sco +dco +spkts +dpkts +sbytes +dbytes +rate +srate +drate

Appendix:

select stime,flgs,proto,saddr,sport,dir,daddr,dport,pkts,bytes,state, length(record) as len from argusTable where dport = 22;


					