Extended Service Tests

Extended testing support was added in version 3.2

Extended testing is an advanced feature. If you are just starting out with argus it is recommended that you stick to the standard built-in service tests as described in services

In previous versions, most services could be tested only with an expect regular expression, except for SNMP tests which could have minimum or maximum value tests, etc.

Now, most services (those places where it makes sense) can use all of the tests that used to be available only for SNMP. Such as

expect - a regular expression to expect
nexpect - a regular expression to not expect
eqvalue - value must be equal to this
nevalue - value must not be equal to this
minvalue - value must be this or more
maxvalue - value must be this or less

There are also several pre-processing and calculations that can be performed before testing

pluck - a regular expression used to pull a value out of some content.
unpack - an unpack expression to pull a value from a binary packet
calc - perform a calculation, such as averaging, or rate
scale - apply a scale factor

for example

	Service TCP {
		uname:		disk-space
		messagedn:	/home is nearly full
		port:		6543
		send:		/home
		pluck:		\s(\d+)%
		maxvalue:	90
	}
	Service UDP/NTP {
		uname:		dispersion
		messagedn:	clock has drifted too far
		unpack:		x8 N
		scale:		65536
		maxvalue:	2
	}
	Service UDP/DNS/Serial/example.com {
		minvalue:	2002010100
		maxvalue:	2004123100
	}

Aberrant Behavior Detection

Services can be checked for values outside of the predicted range using Holt Winters

Graphing

All services which can make use of the extended tests can have the resulting value graphed. See the documentation on graphing.