argus-clients informal survey
Carter Bullard
carter at qosient.com
Thu Jun 21 17:14:21 EDT 2001
Hey Chris,
[snip]
> the confused stream output that argus gets into (when it
> actually lives
> through the attack, lots of times it crashes , not being able
> to dump out the
> flow records (1 record per packet basically) fast enough).
It is very difficult to get it right if there are problems
that are not being reported. Is argus actually core dumping,
or is it just exiting?
It would also be nice if you were to test whether writing
the records to the local disk would give you better
performance. I'm not saying that it will solve the problems,
but it may help to figure out what the problem is.
Did you change the queue sizes to try to solve the problem?
Do you have enough memory on the machine?
Carter
Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York 10022
carter at qosient.com
Phone +1 212 588-9133
Fax +1 212 588-9134
http://qosient.com
More information about the argus
mailing list