ICMP Overloading Argus
Carter Bullard
carter at qosient.com
Wed Aug 20 20:16:54 EDT 2003
Hey Eric,
On your system you should do a few tweaks.
Increase ARGUS_MAXWRITENUM to 8192 and ArgusMaxListLength
to 514288 in the file ./server/ArgusUtil.c around line 820.
That should help you a lot.
Carter
> -----Original Message-----
> From: Eric [mailto:eric at catastrophe.net]
> Sent: Wednesday, August 20, 2003 6:42 PM
> To: Carter Bullard
> Cc: argus-info at lists.andrew.cmu.edu
> Subject: Re: ICMP Overloading Argus
>
>
> On Wed, 2003-08-20 at 15:57:08 -0400, Carter Bullard proclaimed...
>
> > So you should look in /var/log/messages to see if argus
> > is writing anything to syslog. You will probably want to
> > increase some constants in the code, but let's see if
> > argus was saying anything before it closed.
>
> Here's what pops up on my terminal when argus dies.
>
> When argus dies from the overload, this is what we see...
>
> argus[45470]: ArgusWriteOutSocket(0x8160000) Queue Count 50001
> argus[45470]: ArgusWriteOutSocket(0x8160000) Queue Count 172722
> argus[45470]: ArgusWriteOutSocket(0x8160000) Queue Exceeded Maximum Limit
> argus[45470]: ArgusHandleData: ArgusWriteOutSocket failed Resource temporarily unavailable
> argus[45470]: ArgusHandleData: Terminating process 45471
>
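An added example, not part of the original messages and not code from the Argus project: a small Python scanner that picks the output-queue messages shown in this thread out of syslog or pasted terminal text, so the queue growth can be spotted before the "Queue Exceeded Maximum Limit" shutdown. The function names and the summary layout are assumptions made for illustration; the message formats are the ones quoted above.

```python
import re

# Sample built from the log lines quoted in the thread; two records are
# wrapped mid-line the way pasted terminal output often is.
SAMPLE = """\
argus[45470]: ArgusWriteOutSocket(0x8160000) Queue Count 50001
argus[45470]: ArgusWriteOutSocket(0x8160000) Queue Count 172722
argus[45470]: ArgusWriteOutSocket(0x8160000) Queue Exceeded
Maximum Limit
argus[45470]: ArgusHandleData: ArgusWriteOutSocket failed Resource
temporarily unavailable
argus[45470]: ArgusHandleData: Terminating process 45471
"""

ENTRY = re.compile(r"argus\[(\d+)\]: (.*)")
COUNT = re.compile(r"ArgusWriteOutSocket\(0x[0-9a-fA-F]+\) Queue Count (\d+)")
EXCEEDED = re.compile(r"ArgusWriteOutSocket\(0x[0-9a-fA-F]+\) Queue Exceeded Maximum Limit")
TERMINATING = re.compile(r"ArgusHandleData: Terminating process (\d+)")

def unwrap(lines):
    """Join continuation lines (no argus[pid] tag) onto the preceding entry."""
    entries = []
    for line in (l.strip() for l in lines if l.strip()):
        if ENTRY.search(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def summarize(lines):
    """Return {pid: state} describing output-queue pressure per argus process."""
    report = {}
    for entry in unwrap(lines):
        m = ENTRY.search(entry)  # search, so a syslog timestamp/host prefix is fine
        if not m:
            continue  # text that precedes the first argus record
        state = report.setdefault(
            int(m.group(1)), {"peak_queue": 0, "exceeded": False, "terminated": None})
        msg = m.group(2)
        if c := COUNT.match(msg):
            state["peak_queue"] = max(state["peak_queue"], int(c.group(1)))
        elif EXCEEDED.match(msg):
            state["exceeded"] = True  # queue limit was hit
        elif t := TERMINATING.match(msg):
            state["terminated"] = int(t.group(1))
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
```

The scanner assumes its input has already been narrowed to argus records (for example with grep), because any untagged line is treated as the wrapped tail of the record before it.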