argus.2.0.6.fixes.1 on OBSD 3.7

Carter Bullard carter at qosient.com
Fri Aug 26 14:55:23 EDT 2005


Hey Eric,
    The libpcap interface type is appended to the end of the argus
binary, as a double check that you're finding the right version
of libpcap (some machines have multiple libpcap strategies),
and yeah, we rip the interface type off when the script installs
(if my memory is correct).

Carter


On Aug 26, 2005, at 10:44 AM, eric wrote:

> On Fri, 2005-08-26 at 10:30:37 -0400, Carter Bullard proclaimed...
>
>>    I've got the modified argus_bpf running, and we'll see if it now
>> breaks. I've got a lot of memory debug support now in, and so we'll
>> see if we've got someone deallocating incorrectly, or if we just
>> have a lot of memory requirements for this probe.  You have a lot of
>> scanning going on, and so you have a high average flow arrival rate
>> (>20,000 simultaneous flows), but that shouldn't cause you to go
>> over 500MB of memory.
>>
>
> Why is it that some folks call it argus_bpf? I've only been seeing
> this for about 4 years now so I thought I'd ask now :)
>



