Argus 1.8

[Neil Long]

Your wish, etc

% /usr/ucb/ps -uaxwwww | fgrep argus
root      7395 11.4  7.21872817768 ?        S   Apr 14 2181:00 argus -F
/somewhere/argus_filter -w /somewhere-else/argus/argus.file -P 998 -i
hme1

and (most recent file, not active one)

% ~/argus-1.8/ra -ncr argus.05.10.12:00 man
Wed 05/10 11:00:00      man         0.0.0.0                 255.0.0.0
      0      0       0         0        INT
Wed 05/10 11:04:44      man  pkts  3087309  drops     0   flows active
  8871   closed  10720                 STA
Wed 05/10 11:09:44      man  pkts  3211415  drops     0   flows active
  8918   closed  10428                 STA
Wed 05/10 11:14:44      man  pkts  3309842  drops     0   flows active
  9145   closed  12793                 STA
Wed 05/10 11:19:44      man  pkts  3176783  drops     0   flows active
  9386   closed  11768                 STA
Wed 05/10 11:24:44      man  pkts  3173571  drops     0   flows active
  9680   closed  12296                 STA
Wed 05/10 11:29:44      man  pkts  3223459  drops     0   flows active
 10091   closed  13555                 STA
Wed 05/10 11:34:44      man  pkts  3175540  drops     0   flows active
  9953   closed  15254                 STA
Wed 05/10 11:39:44      man  pkts  3190109  drops     0   flows active
 10164   closed  11115                 STA
Wed 05/10 11:44:44      man  pkts  3063094  drops     0   flows active
 10318   closed  11458                 STA
Wed 05/10 11:49:44      man  pkts  2904796  drops     0   flows active
 10271   closed  11433                 STA
Wed 05/10 11:54:44      man  pkts  2745418  drops     0   flows active
 10494   closed  19487                 STA
Wed 05/10 11:59:44      man  pkts  2852358  drops     0   flows active
 11035   closed  11714                 STA


We have changed some routing tables to dump local non-existent sub-nets
to the bit bucket and some other changes so a fresh start of argus
could have different behaviour, however I am happy to leave it run as
is for the time being. Times are GMT+1.

Neil

On May 10,  4:23am, Carter Bullard wrote:
> Subject: RE: Argus 1.8
>
>
> Hey Neil,
> Good to hear from you, and thanks!  I've been
> wondering about your memory problems.
>
> My Argi don't get any bigger than 5M, and so
> seeing yours getting into the 13M range has
> my curiosity.  Either you've got a lot of
> flows, or we could have a protocol specific
> leak.
>
> Could you capture a few management records
> for us and post them to the list?  Just a
> 'ra -ncr filename man' would be great!!!!!
> One or two is all we really need, and a
> '/usr/ucb/ps -uaxwwww | fgrep argus' at
> the same time would be excellent!!!!!
>
> If its not a bother!!
> Thanks
>
> Carter
>
>
> > -----Original Message-----
> > From: Neil Long [mailto:neil.long at computing-services.oxford.ac.uk]
> > Sent: Wednesday, May 10, 2000 7:02 AM
> > To: Bullard, Carter [NYPAR:DS33:EXCH]
> > Subject: Re: Argus 1.8
> >
> >
> > Hello Carter,
> >
> > the list has been nice and quiet!
> >
> > just an info point
> >
> > The memory 'leakage' question
> >
> > after running the argus daemon on a Solaris 7 box for an extended
time
> > I have not seen a major increase - who knows why I saw that before
-
> > who cares if it never happens again 8-)
> >
> > 05/04) at 16:12 5392K 4824K
> > April  7 18:22 5392K 4824K
> > April 11 17:26 8840K 8232K
> > April 12 10:35 13M   13M
> > April 14 11:30 13M   13M
> >
> > Apr 14 17:42 startup
> > Apr 26 18M 18M
> > May 10 18M   17M
> >
> >


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Dr Neil J Long, Computing Services, University of Oxford
 13 Banbury Road, Oxford, OX2 6NN, UK Tel:+44 1865 273232 Fax:+44 1865 273275
 EMail:       Neil.Long at computing-services.oxford.ac.uk  
 PGP:    ID 0xE88EF71F    OxCERT: oxcert at ox.ac.uk PGP: ID 0x4B11561D