ra crashes on output file rotate

Tue Feb 26 11:40:23 EST 2002

Sorry to be the bearer of bad news, but this collection client doesn't work
for us at all.

When I run with full debugging, I get this for every flow record:

ra[9352]: 26 Feb 02 10:09:24 ArgusWriteNewLogFile (/var/log/flow/argus/tmp.argus
out, 0x83a08) returning 0
ra[9352]: 26 Feb 02 10:09:24 ArgusHandleDatum (0x147ee8, 0x92034) returning 0
ra[9352]: 26 Feb 02 10:09:24 ArgusReadStreamSocket (0x110fa0) returning 0
ra[9352]: 26 Feb 02 10:09:24 ArgusReadStreamSocket (0x110fa0) starting
ra[9352]: 26 Feb 02 10:09:24 ArgusReadStreamSocket (0x110fa0) read 16 bytes
ra[9352]: 26 Feb 02 10:09:24 ArgusReadStreamSocket (0x110fa0) returning 0
ra[9352]: 26 Feb 02 10:09:24 ArgusReadStreamSocket (0x110fa0) starting
ra[9352]: 26 Feb 02 10:09:24 ArgusReadStreamSocket (0x110fa0) read 88 bytes
ra[9352]: 26 Feb 02 10:09:24 ArgusGenerateCanonicalRecord (0x147ee8, 0xffbee268)
 returning 
ra[9352]: 26 Feb 02 10:09:16 ArgusWriteNewLogFile (/var/log/flow/argus/tmp.argus
 out, 0x83a08) returning 0
ra[9352]: 26 Feb 02 10:09:16 ArgusHandleDatum (0x147ee8, 0x92034) returning 0
ra[9352]: 26 Feb 02 10:09:16 ArgusReadStreamSocket (0x110fa0) returning 0
ra[9352]: 26 Feb 02 10:09:16 ArgusReadStreamSocket (0x110fa0) starting
ra[9352]: 26 Feb 02 10:09:16 ArgusReadStreamSocket (0x110fa0) read 16 bytes
ra[9352]: 26 Feb 02 10:09:16 ArgusReadStreamSocket (0x110fa0) returning 0
ra[9352]: 26 Feb 02 10:09:16 ArgusReadStreamSocket (0x110fa0) starting
ra[9352]: 26 Feb 02 10:09:16 ArgusReadStreamSocket (0x110fa0) read 88 bytes
ra[9352]: 26 Feb 02 10:09:16 ArgusGenerateCanonicalRecord (0x147ee8, 0xffbee268)
  returning

But when I look at the outfile, it's mode 000, and it's empty.  If I chmod
it to something reasonable and try again, the outfile is still empty.  So
when I run a truss on the process, I see this:

9375:   poll(0xFFBEF478, 1, 250)                        = 1
9375:   read(4, "0104\0A4\090\b\08087\f '".., 16)       = 16
9375:   poll(0xFFBEF478, 1, 250)                        = 1
9375:   read(4, "01 H\0\0\0D3F19B < {B3CF".., 148)      = 148
9375:   open("/var/log/flow/argus/tmp.argusout", O_RDONLY|O_APPEND|O_CREAT, 0) = 5
9375:   fstat(5, 0xFFBEE338)                            = 0
9375:   write(5, "8001\080\080\0\0E5 a zCB".., 128)     Err#9 EBADF
9375:   write(5, "0104\0A4\090\b\08087\f '".., 164)     Err#9 EBADF
9375:   close(5)                                        = 0
9375:   poll(0xFFBEF478, 1, 250)                        = 1
9375:   read(4, "0104\0A4\090\b\08087\f '".., 16)       = 16
9375:   poll(0xFFBEF478, 1, 250)                        = 1
9375:   read(4, "01 H\0\0\0D3F19C < {B3CF".., 148)      = 148
9375:   open("/var/log/flow/argus/tmp.argusout", O_RDONLY|O_APPEND|O_CREAT, 0) = 5

So, the writes are now failing with a Bad File Number error message.. 
weird.  If this message doesn't help at all, I can go digging around
later today and try and come up with a patch.

david