[ARGUS] response to limit checks
slif at bellsouth.net
slif at bellsouth.net
Fri Jun 25 10:47:24 EDT 2004
Generally, should the daemon program use default values
when the configured values do not "make sense" ?
I suspect that the daemon could log a warning message
including the pathname of the configure file and the
token name, aberrant value, and the substituted value.
If the error was not fatal, I believe that the daemon
should continue.
For ARGUS_CAPTURE_DATA_LEN, perhaps the substituted value
could be 1000 (if greater value was supplied),
or 0 (if non-number or negative value was supplied).
I know that sounds lazy, but consider an admin pushing a shiny
new config to more than three sensors. She would rather they
log complaints than go bust !
-Mike
>Subject:RE: [ARGUS] FreeBSD 4.7 segfault.
Carter Bullard wrote:
>Gentle people,
> I would crank down the user data capture buffer to < 1020
>bytes. Run it at 256 and lets see if the problem doesn't go
>away, and then we'll crank it back up, but the max should be
>1020. The user buffer TLV has an 8-bit length field, and
>we capture that many ints, so the max will be 1024. The
>header is 4 bytes long, so you maybe tickling the edge of
>the user capture buffer. I guess I should put in a hard
>limit on the input to this variable.
>
More information about the argus
mailing list