FWD: RE: Argus, and moving 'live files'

Chris Newton newton at unb.ca
Mon Mar 12 10:19:06 EST 2001


Nope, not in my recent messages file... though, searching back (grep argus *), 
there was this:

messages.1:Mar  9 12:15:04 epic kernel: argus uses obsolete (PF_INET,SOCK_PACKET)

  But, I doubt that is related.

Chris

>===== Original Message From <carter at qosient.com> =====
>Hey Chris,
>   Are you getting any messages in /var/log/messages
>when this thing stops?
>
>Carter
>
>> -----Original Message-----
>> From: Chris Newton [mailto:newton at unb.ca]
>> Sent: Monday, March 12, 2001 9:13 AM
>> To: Carter Bullard; argus; Peter Van Epp
>> Subject: RE: FWD: RE: Argus, and moving 'live files'
>>
>>
>> Ah, ok.  I started it up in non-daemon mode... I'll see if I can get you some
>> debug output.
>>
>>   I had already restarted the argus stuff (since we are doing other testing
>> that, without output, slows us down :))... so, I'll let you know when it
>> happens again.  Next time, I should be able to get some debug info for you.
>>
>> Chris
>>
>> >===== Original Message From <carter at qosient.com> =====
>> >Hey Chris,
>> >
>> >Debug output is sent to stdout, so you shouldn't be
>> >running in daemon mode, you'll want to remove that
>> >from any configuration file like /etc/argus.conf.
>> >Possibly we should do the gdb() thing instead.  If
>> >the argi are all still up, I'll step you through a
>> >debug, but we'll have to do it after lunch today.
>> >I've got to work on a couple of proposals today.
>> >
>> >Carter
>> >
>> >Carter Bullard
>> >QoSient, LLC
>> >300 E. 56th Street, Suite 18K
>> >New York, New York  10022
>> >
>> >carter at qosient.com
>> >Phone +1 212 588-9133
>> >Fax   +1 212 588-9134
>> >http://qosient.com
>> >
>> >> -----Original Message-----
>> >> From: Chris Newton [mailto:newton at unb.ca]
>> >> Sent: Monday, March 12, 2001 7:34 AM
>> >> To: Carter Bullard; argus; Peter Van Epp
>> >> Subject: RE: FWD: RE: Argus, and moving 'live files'
>> >>
>> >>
>> >> Hmm, happened again, at 3am, this morning.  I'm not sure I did the debugging
>> >> stuff right though.  Where should the debug output be sent?
>> >>
>> >>   I may need to let this happen again,  but I want to make sure I have the
>> >> debugging steps right, so I can get the output to you guys.
>> >>
>> >> Chris
>> >>
>> >> >===== Original Message From <carter at qosient.com> =====
>> >> >Hey Chris,
>> >> >What others have seen, is that the second process that argus
>> >> >spawns, is either eating up a lot of CPU or none at all.
>> >> >This is the flow record multiplexor, and so if it's not doing
>> >> >what it's supposed to do, then nothing is going to come out of
>> >> >the argus.
>> >> >
>> >> >There are several debugging strategies to find out what is
>> >> >going on.  The first is to do a simple ps() to make sure that all
>> >> >the processes are there.  In the case of writing out to a file,
>> >> >you should have at least 3 argus processes running all the time.
>> >> >If you do have 3 processes, you can use gdb to attach to each
>> >> >running process, and then step through them for a few
>> >> >instructions to see what they are doing.
>> >> >
>> >> >Another strategy is to turn debug support on for each process.
>> >> >If you've compiled in debug support, then you can send SIGUSR1
>> >> >signals to any argus process to turn on its debug reporting.
>> >> >So as an example, assuming that the 3 processes are 200, 201
>> >> >and 202:
>> >> >
>> >> >   # kill -USR1 202
>> >> >
>> >> >will turn on debug reporting and set the debug level to one.
>> >> >Sending another SIGUSR1 will increment the debug level.  To
>> >> >turn it off, send a SIGUSR2 to the process.
>> >> >
>> >> >   # kill -USR2 202
>> >> >
>> >> >So you can test them all, by getting their debug level to 3 or
>> >> >4 and see what they think is going on.
>> >> >
>> >> >Carter
>> >> >
>> >> >Carter Bullard
>> >> >QoSient, LLC
>> >> >300 E. 56th Street, Suite 18K
>> >> >New York, New York  10022
>> >> >
>> >> >carter at qosient.com
>> >> >Phone +1 212 588-9133
>> >> >Fax   +1 212 588-9134
>> >> >http://qosient.com
>> >> >
>> >> >> -----Original Message-----
>> >> >> From: Chris Newton [mailto:newton at unb.ca]
>> >> >> Sent: Thursday, March 08, 2001 1:33 PM
>> >> >> To: Carter Bullard; argus; Peter Van Epp
>> >> >> Subject: RE: FWD: RE: Argus, and moving 'live files'
>> >> >>
>> >> >>
>> >> >> >===== Original Message From <carter at qosient.com> =====
>> >> >> >Hey Guys,
>> >> >> >   Chris, more than likely your problem doesn't have anything
>> >> >> >to do with the file moving itself.  If Argus breaks, you will
>> >> >> >see that your file moving strategy will suddenly stop, as
>> >> >> >there won't be a file to move any more.  So the file moving
>> >> >> >makes the problem much more apparent.
>> >> >>
>> >> >>   That's what's happening.  I get errors from my script that the
>> >> >> 'argus-output' file does not exist, and therefore, can't be moved.
>> >> >> Argus is still running happily though.
>> >> >>
>> >> >>   It happens out of the blue (the couple of times it has happened).  The
>> >> >> moving script runs happily along.. then, boom... errors, 'no such file'.
>> >> >> I check, sure enough, Argus isn't recreating the new 'argus-output' file
>> >> >> anymore.  Kill restart argus, everything returns to normal.
>> >> >>
>> >> >> Chris
>> >> >>
>> >>
>> >> _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
>> >>
>> >> Chris Newton, Systems Analyst
>> >> Computing Services, University of New Brunswick
>> >> newton at unb.ca 506-447-3212(voice) 506-453-3590(fax)
>> >>
>> >>
>>
>> _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
>>
>> Chris Newton, Systems Analyst
>> Computing Services, University of New Brunswick
>> newton at unb.ca 506-447-3212(voice) 506-453-3590(fax)
>>
>>

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

Chris Newton, Systems Analyst
Computing Services, University of New Brunswick
newton at unb.ca 506-447-3212(voice) 506-453-3590(fax)
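
Added example (not part of the original messages, and not code from the Argus project): a shell watchdog for the failure mode discussed in this thread, where the argus processes stay up but the output file is no longer recreated after being moved. The process name `argus`, the output path and the 300-second age threshold are assumptions; the SIGUSR1 step only yields output if debug support was compiled in and argus is not running in daemon mode, as the thread notes.

```shell
#!/bin/sh
# Added example, not from the thread. Process name "argus", the output path
# and the age threshold are assumptions to adjust for your install.
# Constructed sample of `ps -e -o pid=,comm=` output (PIDs from the thread).
SAMPLE_PS='  200 argus
  201 argus
  202 argus
  350 sshd'

# PIDs of argus processes, read from ps-style "PID COMM" lines on stdin.
argus_pids() { awk '$2 == "argus" { print $1 }'; }

# Succeeds (stale) when the file is missing or older than max_age seconds.
output_stale() {
    file=$1; max_age=$2
    [ -f "$file" ] || return 0
    mtime=$(stat -c %Y "$file" 2>/dev/null || stat -f %m "$file")
    [ $(( $(date +%s) - mtime )) -gt "$max_age" ]
}

# Prints "missing-process" (fewer than the 3 processes expected when writing
# to a file), "stalled-output" (processes alive, file not recreated), or "ok".
diagnose() {
    ps_out=$1; file=$2; max_age=$3
    n=$(printf '%s\n' "$ps_out" | argus_pids | awk 'END { print NR }')
    if [ "$n" -lt 3 ]; then echo "missing-process"
    elif output_stale "$file" "$max_age"; then echo "stalled-output"
    else echo "ok"; fi
}

# Raise the debug level of one PID by sending SIGUSR1 `level` times.
# Standard signals are not queued, so pause between sends or they may merge.
raise_debug() {
    pid=$1; level=$2; i=0
    while [ "$i" -lt "$level" ]; do
        kill -USR1 "$pid" || return 1
        i=$((i + 1)); sleep 1
    done
}

# Live use: ./argus-watch.sh --check /path/to/argus-output 300
if [ "${1:-}" = "--check" ]; then
    state=$(diagnose "$(ps -e -o pid=,comm=)" "$2" "${3:-300}")
    echo "argus state: $state"
    if [ "$state" = "stalled-output" ]; then
        for p in $(ps -e -o pid=,comm= | argus_pids); do raise_debug "$p" 3; done
    fi
elif [ "${1:-}" = "--demo" ]; then diagnose "$SAMPLE_PS" ./argus-output 300
fi
```

Run from cron at an interval longer than the file-moving script's period, so a freshly moved file is not mistaken for a stall; send SIGUSR2 to each PID to turn debug reporting back off.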


