[ARGUS] argus-2.0.6.fixes.1/FreeBSD-4.10 <=> argus-clients-2.0.6.fixes.1/FC2

Joe Christy joe at eshu.net
Fri Aug 13 11:51:10 EDT 2004


   Vis-a-vis Peter's note of 08/12/2004 05:53 PM:
> On Tue, Aug 10, 2004 at 09:56:38PM -0700, Joe Christy wrote:
> 
>> ...  I've now devoted another 8 hours to hammering on
>> (non-)interoperability and temporarily run out of ideas.
>>

	Sorry to be so silent - as a consultant whose laptop died on Tuesday 
taking all my (providentially backed-up) business records and sw with 
it, I've been highly distracted in the moments I've not been building 
firewalls & dealing w/ customer's email routing issues or maintaining 
Activities of Daily Life.

> ...
> 	Is the Linux machine an AMD opteron running in 64 bit mode by chance?
> ...

	No, it's a Hyper-threaded P4 running a 2.6.7 SMP kernel. The second Linux 
client, now gone, was a P3 w/ the same kernel.

	I have an OpenBSD fw on the workbench along with some Fedora mail 
servers, so when I get a chance to finish them I can try some more 
combinations.

	To those who asked for examples of the difference in behavior depending 
on the relative positions of the -S & -D flags:

moby(joe) ra -S 172.24.4.1 -D8
ra[621]: 04-08-13 08:43:40.9767 ArgusFilterCompile () returning
ra[620]: 04-08-13 08:43:40.9777 ArgusFilterCompile () waiting for filter process 621 on pipe 4
ra[620]: 04-08-13 08:43:40.9784 ArgusFilterCompile () read filter length 1
ra[620]: 04-08-13 08:43:40.9788 ArgusFilterCompile () read filter body 8
ra[620]: 04-08-13 08:43:40.9793 ArgusFilterCompile () returning 0
ra[620]: 04-08-13 08:43:40.9809 Trying eshu.eshu.net port 561 Expecting Argus records
ra[620]: 04-08-13 08:43:40.9822 connected
ra[620]: 04-08-13 08:43:40.9825 ArgusGetServerSocket (0x9c1b5fc) returning 4
ra[620]: 04-08-13 08:43:40.9860 ArgusReadConnection() read 16 bytes
ra[620]: 04-08-13 08:43:40.9861 ArgusReadConnection() ARGUS_START Mar.
ra[620]: 04-08-13 08:43:40.9864 ArgusReadConnection() read failed for ARGUS_START Mar Success.
ra[620]: 04-08-13 08:43:40.9865 ArgusReadStream() ArgusRemoteFDs is empty
ra[620]: 04-08-13 08:43:40.9866 ArgusShutDown (0)

No data seen.

     VS.

moby(joe) ra -D8 -S 172.24.4.1
ra[646]: 04-08-13 08:43:51.5991 ArgusFree (0x96fa5fc) returning
ra[646]: 04-08-13 08:43:51.5992 ArgusDeleteHostList () returning
ra[646]: 04-08-13 08:43:51.5993 ArgusCalloc (1, 496) returning 0x96fa5fc
ra[646]: 04-08-13 08:43:51.5993 ArgusAddHostList (172.24.4.1, 1) returning 1
ra[647]: 04-08-13 08:43:51.6000 ArgusFilterCompile () returning
ra[646]: 04-08-13 08:43:51.6005 ArgusFilterCompile () waiting for filter process 647 on pipe 4
ra[646]: 04-08-13 08:43:51.6006 ArgusFilterCompile () read filter length 1
ra[646]: 04-08-13 08:43:51.6007 ArgusFilterCompile () read filter body 8
ra[646]: 04-08-13 08:43:51.6007 ArgusFilterCompile () returning 0
ra[646]: 04-08-13 08:43:51.6020 Trying eshu.eshu.net port 561 Expecting Argus records
ra[646]: 04-08-13 08:43:51.6025 connected
ra[646]: 04-08-13 08:43:51.6025 ArgusGetServerSocket (0x96fa5fc) returning 4
ra[646]: 04-08-13 08:43:51.6065 ArgusReadConnection() read 16 bytes
ra[646]: 04-08-13 08:43:51.6065 ArgusReadConnection() ARGUS_START Mar.
ra[646]: 04-08-13 08:43:51.6066 ArgusReadConnection() read failed for ARGUS_START Mar Success.
ra[646]: 04-08-13 08:43:51.6067 ArgusReadStream() ArgusRemoteFDs is empty
ra[646]: 04-08-13 08:43:51.6067 ArgusShutDown (0)

No data seen.

     I.E. the three additional lines:

ra[646]: 04-08-13 08:43:51.5992 ArgusDeleteHostList () returning
ra[646]: 04-08-13 08:43:51.5993 ArgusCalloc (1, 496) returning 0x96fa5fc
ra[646]: 04-08-13 08:43:51.5993 ArgusAddHostList (172.24.4.1, 1) returning 1

when the -D precedes the -S rather than following it. Granted, this now 
seems irrelevant, but it is still curious.

	Joe

-- 
======== Joe Christy ============================== joe at eshu.net =======
---- Voice:831/423-7151 --- Mobile:831/227-6440 --- FAX:831/469-0804 ---
    If I can save you any time, give it to me, I'll keep it with mine.
======== public keys and certificates at: www.eshu.net/PKI.html ========


