[ARGUS] response to limit checks

slif at bellsouth.net slif at bellsouth.net
Fri Jun 25 10:47:24 EDT 2004


Generally, should the daemon program use default values
when the configured values do not "make sense" ?

I suspect that the daemon could log a warning message
including the pathname of the configure file and the
token name, aberrant value, and the substituted value.
If the error was not fatal, I believe that the daemon
should continue.

For ARGUS_CAPTURE_DATA_LEN, perhaps the substituted value
could be 1000 (if greater value was supplied),
or 0 (if non-number or negative value was supplied).

I know that sounds lazy, but consider an admin pushing a shiny
new config to more than three sensors.  She would rather they
log complaints than go bust !
-Mike

>Subject:RE: [ARGUS] FreeBSD 4.7 segfault.
Carter Bullard wrote:

>Gentle people,
>   I would crank down the user data capture buffer to < 1020
>bytes. Run it at 256 and lets see if the problem doesn't go
>away, and then we'll crank it back up, but the max should be
>1020.  The user buffer TLV has an 8-bit length field, and
>we capture that many ints, so the max will be 1024.  The
>header is 4 bytes long, so you maybe tickling the edge of
>the user capture buffer.   I guess I should put in a hard
>limit on the input to this variable.
>





More information about the argus mailing list