[ARGUS] argus-2.0.6.fixes.1/FreeBSD-4.10 <=> argus-clients-2.0.6.fixes.1/FC2

Carter Bullard carter at qosient.com
Fri Aug 13 12:08:21 EDT 2004


Hey Joe,
   The difference in debug output is due to the -D option
coming before the -S option.  We set the debug flag at the
instant that we parse the option on the command line, so, ...,
if the -S option is before the -D, you won't see any of the
debug messages that are available for the server connection,
initial parsing, etc......  Rule of thumb is always put a
debug directive as the first option on the command line.

Carter


> From: Joe Christy <joe at eshu.net>
> Date: Fri, 13 Aug 2004 08:51:10 -0700
> To: <argus-info at lists.andrew.cmu.edu>
> Subject: Re: [ARGUS] argus-2.0.6.fixes.1/FreeBSD-4.10 <=>
> argus-clients-2.0.6.fixes.1/FC2
> 
>    Vis-a-vis Peter's note of 08/12/2004 05:53 PM:
>> On Tue, Aug 10, 2004 at 09:56:38PM -0700, Joe Christy wrote:
>> 
>>> ...  I've now devoted another 8 hours to hammering on
>>> (non-)interoperability and temporarily run out of ideas.
>>> 
> 
> Sorry to be so silent - as a consultant whose laptop died on Tuesday
> taking all my (providentially backed-up) business records and sw with
> it, I've been highly distracted in the moments I've not been building
> firewalls & dealing w/ customer's email routing issues or maintaining
> Activities of Daily Life.
> 
>> ...
>> Is the Linux machine an AMD opteron running in 64 bit mode by chance?
>> ...
> 
> No, it's Hyper-threaded P4 running a 2.6.7 SMP kernel. The second Linux
> client, now gone, was P3 w/ the same kernel.
> 
> I have an OpenBSD fw on the workbench along with some Fedora mail
> servers, so when I get a chance to finish them I can try some more
> combinations.
> 
> To those who asked for examples of the difference in behavior depending
> on the relative positions of the -S & -D flags:
> 
> moby(joe) ra -S 172.24.4.1 -D8
> ra[621]: 04-08-13 08:43:40.9767 ArgusFilterCompile () returning
> ra[620]: 04-08-13 08:43:40.9777 ArgusFilterCompile () waiting for filter
> process 621 on pipe 4
> ra[620]: 04-08-13 08:43:40.9784 ArgusFilterCompile () read filter length 1
> ra[620]: 04-08-13 08:43:40.9788 ArgusFilterCompile () read filter body 8
> ra[620]: 04-08-13 08:43:40.9793 ArgusFilterCompile () returning 0
> ra[620]: 04-08-13 08:43:40.9809 Trying eshu.eshu.net port 561 Expecting
> Argus records
> ra[620]: 04-08-13 08:43:40.9822 connected
> ra[620]: 04-08-13 08:43:40.9825 ArgusGetServerSocket (0x9c1b5fc) returning 4
> ra[620]: 04-08-13 08:43:40.9860 ArgusReadConnection() read 16 bytes
> ra[620]: 04-08-13 08:43:40.9861 ArgusReadConnection() ARGUS_START Mar.
> ra[620]: 04-08-13 08:43:40.9864 ArgusReadConnection() read failed for
> ARGUS_START Mar Success.
> ra[620]: 04-08-13 08:43:40.9865 ArgusReadStream() ArgusRemoteFDs is empty
> ra[620]: 04-08-13 08:43:40.9866 ArgusShutDown (0)
> 
> No data seen.
> 
>      VS.
> 
> moby(joe) ra -D8 -S 172.24.4.1
> ra[646]: 04-08-13 08:43:51.5991 ArgusFree (0x96fa5fc) returning
> ra[646]: 04-08-13 08:43:51.5992 ArgusDeleteHostList () returning
> ra[646]: 04-08-13 08:43:51.5993 ArgusCalloc (1, 496) returning 0x96fa5fc
> ra[646]: 04-08-13 08:43:51.5993 ArgusAddHostList (172.24.4.1, 1) returning 1
> ra[647]: 04-08-13 08:43:51.6000 ArgusFilterCompile () returning
> ra[646]: 04-08-13 08:43:51.6005 ArgusFilterCompile () waiting for filter
> process 647 on pipe 4
> ra[646]: 04-08-13 08:43:51.6006 ArgusFilterCompile () read filter length 1
> ra[646]: 04-08-13 08:43:51.6007 ArgusFilterCompile () read filter body 8
> ra[646]: 04-08-13 08:43:51.6007 ArgusFilterCompile () returning 0
> ra[646]: 04-08-13 08:43:51.6020 Trying eshu.eshu.net port 561 Expecting
> Argus records
> ra[646]: 04-08-13 08:43:51.6025 connected
> ra[646]: 04-08-13 08:43:51.6025 ArgusGetServerSocket (0x96fa5fc) returning 4
> ra[646]: 04-08-13 08:43:51.6065 ArgusReadConnection() read 16 bytes
> ra[646]: 04-08-13 08:43:51.6065 ArgusReadConnection() ARGUS_START Mar.
> ra[646]: 04-08-13 08:43:51.6066 ArgusReadConnection() read failed for
> ARGUS_START Mar Success.
> ra[646]: 04-08-13 08:43:51.6067 ArgusReadStream() ArgusRemoteFDs is empty
> ra[646]: 04-08-13 08:43:51.6067 ArgusShutDown (0)
> 
> No data seen.
> 
>      I.E. the three additional lines:
> 
> ra[646]: 04-08-13 08:43:51.5992 ArgusDeleteHostList () returning
> ra[646]: 04-08-13 08:43:51.5993 ArgusCalloc (1, 496) returning 0x96fa5fc
> ra[646]: 04-08-13 08:43:51.5993 ArgusAddHostList (172.24.4.1, 1) returning 1
> 
> when the -D precedes the -S rather than following it. Granted this now
> seems irrelevant, but it is still curious.
> 
> Joe
> 
> -- 
> ======== Joe Christy ============================== joe at eshu.net =======
> ---- Voice:831/423-7151 --- Mobile:831/227-6440 --- FAX:831/469-0804 ---
>     If I can save you any time, give it to me, I'll keep it with mine.
> ======== public keys and certificates at: www.eshu.net/PKI.html ========
> 
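The option-order effect described at the top of this message, as an added example that is not part of the original thread and is not Argus source: a single-pass parser sets the debug level when it reaches -D, so the -S handler only traces itself if -D came first, while a two-pass parser removes the ordering dependency. All function and variable names are hypothetical, and the argument vectors are constructed from the two command lines quoted above.

```c
/* Added illustration, not Argus source: all names here are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static int debug_level;   /* set the instant -D is parsed */
static int debug_lines;   /* debug messages actually emitted */

static void dbg(int level, const char *what, const char *arg) {
    if (debug_level < level) return;      /* flag not set yet: stay silent */
    fprintf(stderr, "debug: %s (%s)\n", what, arg);
    debug_lines++;
}

/* Handler for -S: traces itself only if debugging is already on. */
static void add_host(const char *host) { dbg(1, "add_host", host); }

/* One pass: every option takes effect as soon as it is encountered. */
int parse_single_pass(int argc, char **argv) {
    debug_level = debug_lines = 0;
    for (int i = 1; i < argc; i++) {
        if (strncmp(argv[i], "-D", 2) == 0)
            debug_level = atoi(argv[i] + 2);
        else if (strcmp(argv[i], "-S") == 0 && i + 1 < argc)
            add_host(argv[++i]);
    }
    return debug_lines;
}

/* Two passes: resolve -D first, then act on the remaining options. */
int parse_debug_first(int argc, char **argv) {
    int level = 0;
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-S") == 0) i++;          /* skip the -S operand */
        else if (strncmp(argv[i], "-D", 2) == 0) level = atoi(argv[i] + 2);
    }
    debug_level = level; debug_lines = 0;
    for (int i = 1; i < argc; i++)
        if (strcmp(argv[i], "-S") == 0 && i + 1 < argc)
            add_host(argv[++i]);
    return debug_lines;
}

int main(void) {
    char *late[]  = {"ra", "-S", "172.24.4.1", "-D8"};  /* constructed argv */
    char *early[] = {"ra", "-D8", "-S", "172.24.4.1"};
    printf("single pass: %d vs %d\n", parse_single_pass(4, late), parse_single_pass(4, early));
    printf("two passes:  %d vs %d\n", parse_debug_first(4, late), parse_debug_first(4, early));
    return 0;
}
```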




