Argus: Difference between revisions

(Created page with '= Managing Argus = == Using the NST WUI == You can use the Network Security Toolkit Web based User Interface (WUI) to: * Edit the Argus configuration (see the: [http://argus.t…')
 
Line 19: Line 19:
=== Edit Argus Configuration ===
=== Edit Argus Configuration ===


Argus uses the directory: "''/var/nst/argus-monitor'': as the location for its data and configuration files.  You will want to customize the "''/var/argus-monitor/config''" file for the systems you want Argus to monitor (refer to the documentation at the [http://argus.tcp4me.com/ Argus] site for details on configuration).
Argus uses the directory "''/var/nst/argus-monitor''" as the location for its data and configuration files.  You will want to customize the "''/var/argus-monitor/config''" file for the systems you want Argus to monitor (refer to the documentation at the [http://argus.tcp4me.com/ Argus] site for details on configuration).


=== Starting The Argus Service ===
=== Starting The Argus Service ===
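Review bot: The corrected sentence under "Edit Argus Configuration" still names two different locations. The directory is given as "/var/nst/argus-monitor", but the file to customize is "/var/argus-monitor/config". Since this revision already touches the line to fix the quoting, make the two paths agree, or state how one maps to the other, so that readers edit the file argusd actually loads.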

Revision as of 08:31, 6 November 2010

Managing Argus

Using the NST WUI

You can use the Network Security Toolkit Web based User Interface (WUI) to:

  • Edit the Argus configuration (see the Argus site for details)
  • Start the argusd service
  • Stop the argusd service
  • Control whether the argusd service is started automatically at boot time
  • Access the Argus web interface

You can find the Argus management page in the NST WUI by selecting: Network then Monitors then Argus Setup from the main menu bar found at the top of every NST WUI page.

Using the Command Line

You can manage Argus from the command line as well.

Edit Argus Configuration

Argus uses the directory "/var/nst/argus-monitor" as the location for its data and configuration files. You will want to customize the "/var/argus-monitor/config" file for the systems you want Argus to monitor (refer to the documentation at the Argus site for details on configuration).

Starting The Argus Service

The following command is used to start the argusd service:

[root@probe root]# service argusd start
Starting argusd: [ OK ]
[root@probe root]#

Stopping The Argus Service

The following command is used to stop the argusd service:

[root@probe root]# service argusd stop
Stopping argusd: [ OK ]
[root@probe root]#

Reloading The Argus Configuration

If you modify your Argus configuration file, you will either need to restart the argusd service, or send the argusd service a HUP signal using the argusctl command as shown below:

[root@probe root]# argusctl hup
ARGUS/2.0 200 OK
[root@probe root]#

There are many things you can do with the argusctl command. Try invoking it with the help option for additional details.

Viewing The Argus Web Interface

After configuring and starting Argus, you'll probably want to make use of its web based user interface. If you used the Network Security Toolkit WUI to start argus, you can just click on the link provided on the page. Alternatively, you can point your browser at https://HOST/argus/argus.cgi where HOST is the IP address of your NST system.

Argus Login

Since you can do so much through the Network Security Toolkit web based user interface, you must always authorize yourself prior to gaining access. The Argus package has its own web based user interface and also requires authorization prior to allowing one to access the service. When accessing the Argus interface, you will need to log in as root and leave the password field blank.

Enabling Email Notifications

The argus service is capable of sending out email notifications when systems that it has been configured to monitor go down or up (have a state transition). In order to accomplish this, the following things need to be done:

  • You must have the sendmail service running on your Network Security Toolkit probe. This is accomplished via the setup_sendmail script or more simply via the NST WUI (Network, then eMail then Sendmail Service Manager from the NST WUI menu bar).
  • You must specify "yes" to one or more "sendnotify" parameters in: "/var/argus-monitor/config".
  • You must specify a valid email address in one or more "notify" parameters in: "/var/argus-monitor/config".

Take a look at the file "/var/argus-monitor/config". It has comments around the lines that need to be changed to enable email.
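
A pre-flight check for the two configuration requirements listed above, as an added example that is not part of the original page or of Argus. It assumes the config uses "name: value" lines with "#" comments; the function names and sample values are constructed for illustration, and the sendmail service is not checked.

```shell
#!/bin/sh
# Added example: check the two config-file requirements for Argus email alerts.
# Assumption: parameters are "name: value" lines and "#" starts a comment.

# Print the value of every active (uncommented) parameter $2 in file $1.
argus_param_values() {
    sed -n -e '/^[[:space:]]*#/d' \
        -e "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1"
}

# Succeeds when at least one active "sendnotify" parameter is "yes".
sendnotify_enabled() {
    argus_param_values "$1" sendnotify | grep -qix 'yes'
}

# Succeeds when at least one active "notify" value contains an email address.
notify_has_address() {
    argus_param_values "$1" notify |
        grep -Eq '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}'
}

# Returns 0 if both settings are present, 1 if one is missing, 2 if unreadable.
check_argus_notify() {
    cfg=$1
    rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    if sendnotify_enabled "$cfg"; then echo "ok: sendnotify is yes"
    else echo "missing: no active sendnotify set to yes"; rc=1; fi
    if notify_has_address "$cfg"; then echo "ok: notify has an address"
    else echo "missing: no active notify with an email address"; rc=1; fi
    return $rc
}

# Constructed sample with the notification lines still commented out.
sample_config() {
    cat <<'EOF'
# constructed sample, not the config shipped with NST
# sendnotify: yes
# notify: mail:admin@example.com
sendnotify: no
EOF
}

# Usage: sh check_argus_notify.sh /var/argus-monitor/config
if [ $# -gt 0 ]; then check_argus_notify "$1"; fi
```

Run it before sending the HUP signal so that a config with the notification lines still commented out is caught before argusd reloads it.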