Argus 1.8

Carter Bullard cbullard at nortelnetworks.com
Wed May 10 08:03:36 EDT 2000 

Hey Neil,
   10,000 concurrent flows is pretty good.  The byte impact
per flow is between 130-212 bytes, depending on the protocol,
and to that should get you into the 2.2 MBytes of just data.
This is probably a good guess, but since I'm working off
of memory, I'd say its at least order of magnitude close.

I'm interested in the number, as it a little higher than
I would have expected.  The Argus man records actually
have the flow stats broken down by protocol, we just don't
print them all out, as the line gets really long.

Do you mind sending a binary file of these man records?

~/argus-1.8/ra -w /tmp/argus.man -ncr argus.05.10.12:00 man

would do it!!

   Packet loads avg around 10,000 Pkts/sec, that seems pretty
reasonable.  Do these numbers seem reasonable to you?

Carter


> -----Original Message-----
> From: Neil Long [mailto:neil.long at computing-services.oxford.ac.uk]
> Sent: Wednesday, May 10, 2000 7:37 AM
> To: Bullard, Carter [NYPAR:DS33:EXCH]
> Cc: Argus (E-mail)
> Subject: Re: Argus 1.8
> 
> 
> Your wish, etc
> 
> % /usr/ucb/ps -uaxwwww | fgrep argus
> root      7395 11.4  7.21872817768 ?        S   Apr 14 
> 2181:00 argus -F
> /somewhere/argus_filter -w /somewhere-else/argus/argus.file -P 998 -i
> hme1
> 
> and (most recent file, not active one)
> 
> % ~/argus-1.8/ra -ncr argus.05.10.12:00 man
> Wed 05/10 11:00:00      man         0.0.0.0                 255.0.0.0
>       0      0       0         0        INT
> Wed 05/10 11:04:44      man  pkts  3087309  drops     0   flows active
>   8871   closed  10720                 STA
> Wed 05/10 11:09:44      man  pkts  3211415  drops     0   flows active
>   8918   closed  10428                 STA
> Wed 05/10 11:14:44      man  pkts  3309842  drops     0   flows active
>   9145   closed  12793                 STA
> Wed 05/10 11:19:44      man  pkts  3176783  drops     0   flows active
>   9386   closed  11768                 STA
> Wed 05/10 11:24:44      man  pkts  3173571  drops     0   flows active
>   9680   closed  12296                 STA
> Wed 05/10 11:29:44      man  pkts  3223459  drops     0   flows active
>  10091   closed  13555                 STA
> Wed 05/10 11:34:44      man  pkts  3175540  drops     0   flows active
>   9953   closed  15254                 STA
> Wed 05/10 11:39:44      man  pkts  3190109  drops     0   flows active
>  10164   closed  11115                 STA
> Wed 05/10 11:44:44      man  pkts  3063094  drops     0   flows active
>  10318   closed  11458                 STA
> Wed 05/10 11:49:44      man  pkts  2904796  drops     0   flows active
>  10271   closed  11433                 STA
> Wed 05/10 11:54:44      man  pkts  2745418  drops     0   flows active
>  10494   closed  19487                 STA
> Wed 05/10 11:59:44      man  pkts  2852358  drops     0   flows active
>  11035   closed  11714                 STA
> 
> 
> We have changed some routing tables to dump local 
> non-existent sub-nets
> to the bit bucket and some other changes so a fresh start of argus
> could have different behaviour, however I am happy to leave it run as
> is for the time being. Times are GMT+1.
> 
> Neil
> 
> On May 10,  4:23am, Carter Bullard wrote:
> > Subject: RE: Argus 1.8
> >
> >
> > Hey Neil,
> > Good to hear from you, and thanks!  I've been
> > wondering about your memory problems.
> >
> > My Argi don't get any bigger than 5M, and so
> > seeing yours getting into the 13M range has
> > my curiosity.  Either you've got a lot of
> > flows, or we could have a protocol specific
> > leak.
> >
> > Could you capture a few management records
> > for us and post them to the list?  Just a
> > 'ra -ncr filename man' would be great!!!!!
> > One or two is all we really need, and a
> > '/usr/ucb/ps -uaxwwww | fgrep argus' at
> > the same time would be excellent!!!!!
> >
> > If its not a bother!!
> > Thanks
> >
> > Carter
> >
> >
> > > -----Original Message-----
> > > From: Neil Long [mailto:neil.long at computing-services.oxford.ac.uk]
> > > Sent: Wednesday, May 10, 2000 7:02 AM
> > > To: Bullard, Carter [NYPAR:DS33:EXCH]
> > > Subject: Re: Argus 1.8
> > >
> > >
> > > Hello Carter,
> > >
> > > the list has been nice and quiet!
> > >
> > > just an info point
> > >
> > > The memory 'leakage' question
> > >
> > > after running the argus daemon on a Solaris 7 box for an extended
> time
> > > I have not seen a major increase - who knows why I saw that before
> -
> > > who cares if it never happens again 8-)
> > >
> > > 05/04) at 16:12 5392K 4824K
> > > April  7 18:22 5392K 4824K
> > > April 11 17:26 8840K 8232K
> > > April 12 10:35 13M   13M
> > > April 14 11:30 13M   13M
> > >
> > > Apr 14 17:42 startup
> > > Apr 26 18M 18M
> > > May 10 18M   17M
> > >
> > >
> 
> 
> -- 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>  Dr Neil J Long, Computing Services, University of Oxford
>  13 Banbury Road, Oxford, OX2 6NN, UK Tel:+44 1865 273232 
> Fax:+44 1865 273275
>  EMail:       Neil.Long at computing-services.oxford.ac.uk  
>  PGP:    ID 0xE88EF71F    OxCERT: oxcert at ox.ac.uk PGP: ID 0x4B11561D
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20000510/fd37e673/attachment.html>

More information about the argus mailing list