ragator memory usage
Carter Bullard
carter at qosient.com
Thu Jun 14 20:37:33 EDT 2001
Hmmmmm,
Is this argus-clients code or argus-2.0.2 code?
Carter
-----Original Message-----
From: owner-argus-info at lists.andrew.cmu.edu
[mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Russell
Fulton
Sent: Thursday, June 14, 2001 6:26 PM
To: argus-info at lists.andrew.cmu.edu
Subject: Re: RE: ragator memory usage
Thanks Carter,
On Thu, 14 Jun 2001 09:12:35 -0400 Carter Bullard <carter at qosient.com>
wrote:
> Hey Russell,
> No config file = infinite timeout. Try a timeout
That's what I suspected.
> of around 3600 seconds. If you have long running transactions, you'll
> still hourly status reports, which maybe good, maybe bad.
I'm processing hourly files one at a time so I'll set it to something
less than 3600.
>
> If this is not giving you what you want, then I can
> make a change to ragator() so that it has independent
> idle timeout and per transaction status timeouts.
> Right now they are the same number.
>
> Give this config a try.
>
> #label id SrcCIDRAddr DstCIDRAddr Proto SrcPort DstPort
> ModelList Duration
> Flow 100 * * * * *
200
> 3600
>
> # label id SrcAddrMask DstAddrMask Proto SrcPort
> DstPort
> Model 200 255.255.255.255 255.255.255.255 yes yes
yes
>
OK, i've tried this and I now get a segfault (but no core?) after
processing for a few seconds. This is a debian Linux system (potato)
anyone suggest how I can force this to produce a dump?
I've tried various timeouts but it does not seem to make any difference.
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand
More information about the argus
mailing list