No joy with argus-2.0.0.e

Carter Bullard carter at qosient.com
Fri Sep 15 22:10:38 EDT 2000 

Hey Russell,
   Sorry for the trouble.  I'm sure that we've got
some big bugs lying in wait, so lets see if we can
kill this one.  Could you send me the output
of:
      od -x data2/current | head -40

This will tell me what the problem is reading the
output file.

   I will look into the memory freeing problem
this weekend.

If you get into this state again, look at a top
or a ps to see if one of the argus processes
is eating up 100% of the cpu (infinite loop).
If the 100% process was compiled with -g, you
can run:

   gdb argus_bpf

and when you get the prompt, type

   attach 100%processpid

That will tell you where you are and stepping
through you should find the loop that your in.

Carter




-----Original Message-----
From: owner-argus at lists.andrew.cmu.edu
[mailto:owner-argus at lists.andrew.cmu.edu]On Behalf Of Russell Fulton
Sent: Thursday, September 14, 2000 6:27 PM
To: argus at lists.andrew.cmu.edu
Subject: No joy with argus-2.0.0.e


Hi All,
	I am not having much success with the 2e release.  I started
argus server yesterday afternoon and this morning I find:

bash-2.03$ ps ax | grep bpf
17146  p0- S      0:45.06 argus-2.0.0e/bin/argus_bpf -i fxp0 -w
data2/current
17147  p0- S      1:01.20 argus-2.0.0e/bin/argus_bpf -i fxp0 -w
data2/current
17577  p0- S      0:05.95 argus-2.0.0e/bin/argus_bpf -i fxp0 -w
data2/current
18251  p0  S+     0:00.01 grep bpf
bash-2.03$ date
Fri Sep 15 10:13:13 NZST 2000
bash-2.03$ ls -l data2/current
-rw-r--r--  1 root  argus  48087996 Sep 15 00:37 data2/current
bash-2.03$ argus-2.0.0e/bin/ra -ncr data2/current
14 Sep 00 15:04:16  man  pkts      0  bytes        0  drops     0
STP

I.e processes appearantly running OK, but the output file has not been
updated for nearly 10 hours and when I run ra it says there is nothing
in the file.

I've checked that we have not run out of disk.  Similar thing happened
yesterday so I restarted everything to see if I could reproduce it.

I also have an ra process listening on the port and that seems to have
hung to.  I.e. the server seems to have stopped writing records.

BTW I get the freed memory twice message a lot (ever few seconds), I
cant tell it is still doing that since they tested the power backup
last night (without warning) so I lost all my X sessions to the box.

The inability of ra to extract records seems to be unrelated to the
issue.

Cheers, Russell.

More information about the argus mailing list