[ARGUS] ramon error?
Peter Van Epp
vanepp at sfu.ca
Fri May 28 11:23:46 EDT 2004
Presumably "x.y..0.0/16" is a typo (the .. that is) because it wouldn't
cause this. It looks like one of your archives is corrupted. Something like
a shell script loop that loops through the archive files one at a time as in
ra -r /usr/local/argus/archive/2004/05/28/argus.2004.05.28.00.00.00.gz -c -n >/dev/null
to identify which archive is corrupted would likely be a good start (I'd expect
you will get the same error from ra on at least one of the files). What OS
are you running and what argus version? Any filters on the argus_bpf capture?
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
On Fri, May 28, 2004 at 09:28:37AM -0400, cleric at gwu.edu wrote:
> Any ideas?
>
> ramon -M topn -r /usr/local/argus/archive/2004/05/28/* - -n -c 'dst net x.y..0.0/16 and tcp'
> ramon[14217]: ArgusHandleDatum(0xf5b33) input record 60190 size = -1543495679
>
>
> ls -al /usr/local/argus/archive/2004/05/28/
> total 463736
> drwxr-xr-x 2 argus argus 4096 May 28 09:02 ./
> drwxr-xr-x 7 argus argus 51 May 28 00:00 ../
> -rw-r----- 1 argus argus 79444682 May 28 00:06 argus.2004.05.28.00.00.00.gz
> -rw-r--r-- 1 argus argus 3597103 May 28 01:00 argus.2004.05.28.01.00.00.gz
> -rw-r----- 1 argus argus 51111999 May 28 02:03 argus.2004.05.28.02.00.00.gz
> -rw-r----- 1 argus argus 49051383 May 28 03:03 argus.2004.05.28.03.00.00.gz
> -rw-r----- 1 argus argus 49951651 May 28 04:03 argus.2004.05.28.04.00.00.gz
> -rw-r----- 1 argus argus 49303393 May 28 05:03 argus.2004.05.28.05.00.00.gz
> -rw-r----- 1 argus argus 48150669 May 28 06:02 argus.2004.05.28.06.00.00.gz
> -rw-r----- 1 argus argus 44780300 May 28 07:02 argus.2004.05.28.07.00.00.gz
> -rw-r----- 1 argus argus 50992487 May 28 08:03 argus.2004.05.28.08.00.00.gz
> -rw-r----- 1 argus argus 48457793 May 28 09:02 argus.2004.05.28.09.00.00.gz
>
> 0100
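
The per-file loop suggested in the reply, as an added example that is not part of the original message: it first tests each file's gzip container (an addition to the suggestion) and then runs the reply's `ra` command with the records discarded. It assumes `ra` signals a bad record through a non-zero exit status or a message on stderr; `RA` and `check_archives` are names chosen for this example.

```shell
#!/bin/sh
# Added example: find which Argus archive file in a directory is unreadable.
# RA is the reader command (the thread uses "ra"); overridable for testing.
RA=${RA:-ra}

# check_archives DIR
# Prints one line per file: "OK <file>", "BAD-GZIP <file>" or "BAD-ARGUS <file>".
# Returns 0 when every file reads cleanly, 1 otherwise.
check_archives() {
    dir=$1
    status=0
    for f in "$dir"/argus.*.gz; do
        [ -e "$f" ] || continue      # glob matched nothing
        # Stage 1 (added here): is the gzip container itself intact?
        if ! gzip -t "$f" 2>/dev/null; then
            echo "BAD-GZIP $f"
            status=1
            continue
        fi
        # Stage 2: the command from the reply; stdout discarded, stderr kept.
        # Assumption: a corrupt record shows up as a non-zero exit or stderr text.
        err=$("$RA" -r "$f" -c -n 2>&1 >/dev/null) && rc=0 || rc=$?
        if [ "$rc" -ne 0 ] || [ -n "$err" ]; then
            echo "BAD-ARGUS $f"
            if [ -n "$err" ]; then echo "    $err"; fi
            status=1
        else
            echo "OK $f"
        fi
    done
    return $status
}

# Run against a directory when one is given on the command line, e.g.
#   sh check_archives.sh /usr/local/argus/archive/2004/05/28
if [ -n "${1:-}" ]; then
    check_archives "$1"
fi
```

A `BAD-GZIP` result points at a truncated or damaged compressed file, while `BAD-ARGUS` means the file decompresses but the reader rejects its contents.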