ragator memory usage
Russell Fulton
r.fulton at auckland.ac.nz
Thu Jun 14 18:25:43 EDT 2001
Thanks Carter,
On Thu, 14 Jun 2001 09:12:35 -0400 Carter Bullard <carter at qosient.com>
wrote:
> Hey Russell,
> No config file = infinite timeout. Try a timeout
That's what I suspected.
> of around 3600 seconds. If you have long running
> transactions, you'll still hourly status reports,
> which maybe good, maybe bad.
I'm processing hourly files one at a time so I'll set it to something
less than 3600.
>
> If this is not giving you what you want, then I can
> make a change to ragator() so that it has independent
> idle timeout and per transaction status timeouts.
> Right now they are the same number.
>
> Give this config a try.
>
> #label id SrcCIDRAddr DstCIDRAddr Proto SrcPort DstPort
> ModelList Duration
> Flow 100 * * * * * 200
> 3600
>
> # label id SrcAddrMask DstAddrMask Proto SrcPort
> DstPort
> Model 200 255.255.255.255 255.255.255.255 yes yes yes
>
OK, i've tried this and I now get a segfault (but no core?) after
processing for a few seconds. This is a debian Linux system (potato)
anyone suggest how I can force this to produce a dump?
I've tried various timeouts but it does not seem to make any difference.
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand
More information about the argus
mailing list