Some errors today...

Carter Bullard carter at qosient.com
Wed May 30 10:33:41 EDT 2001 

Just a note,
   With ra(), if you are writing output to a file with
the "-w argus.out" option, you don't need the "-d 100"
option.  It doesn't do anything.

   You are running argus with the "-d" option
which puts it in daemon mode, so this doesn't jive
with what you are saying you are trying to accomplish.

   So what are in the argus.conf and rarc files?
They are probably much more important that the command
line options.

   To compile with the "-g" option, touch .devel in the
root directory.

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter at qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com 

-----Original Message-----
From: owner-argus-info at lists.andrew.cmu.edu
[mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Chris Newton
Sent: Wednesday, May 30, 2001 7:16 AM
To: Carter Bullard; argus-info at lists.andrew.cmu.edu
Subject: RE: Some errors today...


Hi Carter,  Hopefully this is everything you need:

  Argus version is the latest available.

  Both boxes, redhat 7.1
  Server: dual 800Mhz PIII, 512 MB ram
  Client: dual 1Ghz PIII, 1.2 GB ram

  Server argus client started up with:
  argus -P 561 -d -U 100 -i eth0 -F argus.conf

  Client started with:
  ra -S xxx.xxx.xxx.xxx -d 100 -F rarc -w argus.out

  where the xxx's are the IP address of the server.

  I have a very stupid wrapper shell script that exec's argus and ra...
but 
does not background the processes... ie: the scripts stop on the exec.
The 
next line is a jump back to the line in the script directly prior to the
exec 
of ra and argus.  So, when they die, they get respawned immediately.

  What files do I need to 'touch' in the argus source directory to turn
on 
debug again?  .debug, and something else, as I remember?

Thanks for any help ;)

Chris


>===== Original Message From "Carter Bullard" <carter at qosient.com> =====

>Hey Chris,
>   Need more information before I can make any comments.
>You seem to have generated errors that I have never
>seen before, so it would be nice to know what your setup
>is and how you are running argus/ra, and if they are stock
>or modified routines.
>
>The bind() errors are generally caused by competing argi, where one has

>the listen on the port, and another argus is trying to bind to the same

>port.  I have seen where some kernel's don't give up the port for quite

>a while (> 120 sec) after a process that has it open, exits.  I thought

>we solved that in the 2.x stuff, so I would bet that you are
>running multiple images of argus.
>
>   The "input record %d size = %d" error message is dubious, as this 
>value is a 16 bit value, and so it shouldn't be any bigger than 64K.  I

>haven't seen this, so if you have a file that has a record in it that 
>causes this message, I would definitely like to take a look.
>
>   The ArgusWriteNewLogfile() error message is a bug, and
>I'll try to have a fix for it tomorrow.
>
>If you could describe your situation a bit better, I should
>be able to shed some light on your problems.
>Hope this helps,
>
>Carter
>
>Carter Bullard
>QoSient, LLC
>300 E. 56th Street, Suite 18K
>New York, New York  10022
>
>carter at qosient.com
>Phone +1 212 588-9133
>Fax   +1 212 588-9134
>http://qosient.com
>
>-----Original Message-----
>From: owner-argus-info at lists.andrew.cmu.edu
>[mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Chris 
>Newton
>Sent: Tuesday, May 29, 2001 2:18 PM
>To: argus-info at lists.andrew.cmu.edu
>Subject: Some errors today...
>
>
>Hi Carter, others.  I just put in place the sever/client thing today...

>and, on one side (client) I have (from /var/log/messages on both boxes,
>redhat
>7.1):
>
>May 29 11:22:13 odyssey ra[7874]: 
>ArgusWriteNewLogfile(/flowlogs/argus.out,
>0x806b4e0) stat error No such file or directory
>May 29 11:24:27 odyssey ragator[8377]: ArgusHandleDatum(0x407) input 
>record 37702 size = 135497464
>May 29 11:24:28 odyssey ragator[8385]: ArgusHandleDatum(0x97c) input
>record
>37907 size = 135497464
>May 29 11:28:43 odyssey ra[8081]:
>ArgusWriteNewLogfile(/flowlogs/argus.out,
>0x806b4e0) stat error No such file or directory
>May 29 12:13:46 odyssey ra[8639]:
>ArgusWriteNewLogfile(/flowlogs/argus.out,
>0x806b4e0) stat error No such file or directory
>May 29 12:33:17 odyssey ra[9632]:
>ArgusWriteNewLogfile(/flowlogs/argus.out,
>0x806b4e0) stat error No such file or directory
>May 29 12:36:47 odyssey ra[10714]:
>ArgusWriteNewLogfile(/flowlogs/argus.out,
>0x806b4e0) stat error No such file or directory
>May 29 13:29:21 odyssey ra[11665]:
>ArgusWriteNewLogfile(/flowlogs/argus.out,
>0x806b4e0) stat error No such file or directory
>May 29 14:35:13 odyssey ra[13563]: connect (4, 131.202.165.127:12546,
>16)
>failed Connection refused
>May 29 15:00:57 odyssey ra[13564]:
>ArgusWriteNewLogfile(/flowlogs/argus.out,
>0x806b4e0) stat error No such file or directory
>
>
>
>and, on the other side (server):
>
>May 29 13:01:44 epic argus[8390]: argus: ArgusEstablishListen: bind() 
>error May 29 13:01:44 epic argus[8392]: argus: ArgusEstablishListen:
>bind() error May 29 14:35:13 epic argus[8808]: argus:
>ArgusEstablishListen: bind() error May 29 14:35:13 epic argus[8810]:
>argus: ArgusEstablishListen: bind() error May 29 14:35:13 epic
>argus[8812]: argus: ArgusEstablishListen: bind() error May 29 14:35:13 
>epic argus[8814]: argus: ArgusEstablishListen: bind() error May 29 
>14:35:14 epic argus[8816]: argus: ArgusEstablishListen: bind() error
>
>
>on both sides, these errors caused both parts (ra, and argus) to crash.
>
>Chris
>
>_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
>
>Chris Newton, Systems Analyst
>Computing Services, University of New Brunswick
>newton at unb.ca 506-447-3212(voice) 506-453-3590(fax)

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

Chris Newton, Systems Analyst
Computing Services, University of New Brunswick
newton at unb.ca 506-447-3212(voice) 506-453-3590(fax)

More information about the argus mailing list