Argus - The All Seeing, System and Network Monitoring Software

Screen Shots
Mailing List

Extended Service Tests

Extended testing support was added in version 3.2
Extended testing is an advanced feature. If you are just starting out with argus it is recommended that you stick to the standard built-in service tests as described in services

In previous versions, most services could be tested only with an expect regular expression, except for SNMP tests which could have minimum or maximum value tests, etc.

Now, most services (those places where it makes sense) can use all of the tests that used to be available only for SNMP. Such as

  • expect - a regular expression to expect
  • nexpect - a regular expression to not expect
  • eqvalue - value must be equal to this
  • nevalue - value must not be equal to this
  • minvalue - value must be this or more
  • maxvalue - value must be this or less

There are also several pre-processing and calculations that can be performed before testing

  • pluck - a regular expression used to pull a value out of some content.
  • unpack - an unpack expression to pull a value from a binary packet
  • calc - perform a calculation, such as averaging, or rate
  • scale - apply a scale factor

for example

	Service TCP {
		uname:		disk-space
		messagedn:	/home is nearly full
		port:		6543
		send:		/home
		pluck:		\s(\d+)%
		maxvalue:	90
	Service UDP/NTP {
		uname:		dispersion
		messagedn:	clock has drifted too far
		unpack:		x8 N
		scale:		65536
		maxvalue:	2
	Service UDP/DNS/Serial/ {
		minvalue:	2002010100
		maxvalue:	2004123100

Aberrant Behavior Detection

Services can be checked for values outside of the predicted range using Holt Winters


All services which can make use of the extended tests can have the resulting value graphed. See the documentation on graphing.