User data capture doesn't work with argus-3.0.0.rc.25

carter at qosient.com
Sun Aug 13 09:54:39 EDT 2006


Hey Dietmar,
It may be the interface type.  Your packet handler, ArgusSllPacket(), may not make the correct callouts.  I'll take a look.

Carter

Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax  

-----Original Message-----
From: Dietmar Goldbeck <goldbeck at e-trend.de>
Date: Sun, 13 Aug 2006 12:44:37 
To: carter at qosient.com
Cc: argus-info at lists.andrew.cmu.edu
Subject: User data capture doesn't work with argus-3.0.0.rc.25


  Hello Carter,

while trying to test racluster, I couldn't get argus3 to also write in
libpcap output.

With the following argus3.conf file:

ARGUS_DAEMON=no
ARGUS_DEBUG_LEVEL=7
ARGUS_MONITOR_DATA=`hostname`
ARGUS_ACCESS_PORT=561
ARGUS_INTERFACE=ippp0
ARGUS_SET_PID=no
ARGUS_GO_PROMISCUOUS=yes
ARGUS_FLOW_STATUS_INTERVAL=10
ARGUS_GENERATE_START_RECORDS=no
ARGUS_GENERATE_RESPONSE_TIME_DATA=yes
ARGUS_GENERATE_JITTER_DATA=yes
ARGUS_GENERATE_MAC_DATA=yes
ARGUS_FILTER_OPTIMIZER=no
ARGUS_CAPTURE_DATA_LEN=1500
ARGUS_BIND_IP="127.0.0.1"
ARGUS_PACKET_CAPTURE_FILE="/var/log/argus3/ippp0/argus3-ippp0.cap"
ARGUS_OUTPUT_FILE="/var/log/argus3/ippp0/argus-ippp0.log"

starting as:

/usr/local/argus-3.0.0.rc.25/sbin/argus -F /etc/argus/argus3-ippp0.conf 

Debugging Output:

argus[6932]: 13 Aug 06 12:40:55.342120 setArgusPortNum(561) returning
argus[6932]: 13 Aug 06 12:40:55.344467 clearArgusDevice(0xb7cec080) returning
argus[6932]: 13 Aug 06 12:40:55.345128 ArgusCalloc (1, 28) returning 0x8121b00
argus[6932]: 13 Aug 06 12:40:55.345654 ArgusNewList () returning 0x8121b00
argus[6932]: 13 Aug 06 12:40:55.346277 ArgusCalloc (1, 8) returning 0x8121f00
argus[6932]: 13 Aug 06 12:40:55.346944 ArgusPushFrontList (0x8121b00, 0x8121f00, 0) returning 0xbfffeb48
argus[6932]: 13 Aug 06 12:40:55.347489 setArgusDevice(ippp0) returning
argus[6932]: 13 Aug 06 12:40:55.348572 ArgusParseResourceFile: ArgusBindAddr "(null)"
argus[6932]: 13 Aug 06 12:40:55.349290 ArgusParseResourceFile: ArgusPacketCaptureFile "/var/log/argus3/ippp0/argus3-ippp0.cap"
argus[6932]: 13 Aug 06 12:40:55.349886 ArgusDeleteList (0x0) returning
argus[6932]: 13 Aug 06 12:40:55.350509 ArgusCalloc (1, 28) returning 0x8121f80
argus[6932]: 13 Aug 06 12:40:55.351189 ArgusNewList () returning 0x8121f80
argus[6932]: 13 Aug 06 12:40:55.352529 ArgusCalloc (1, 12) returning 0x8122080
argus[6932]: 13 Aug 06 12:40:55.353170 ArgusPushFrontList (0x8121f80, 0x8122080, 0) returning 0x0
argus[6932]: 13 Aug 06 12:40:55.353770 ArgusParseResourceFile (/etc/argus/argus3-ippp0.conf) returning
argus[6932]: 13 Aug 06 12:40:55.354521 setArgusInterfaceStatus(1)
argus[6932]: 13 Aug 06 12:40:55.392058 ArgusInitSource() pcap_open_live() returned 0x81220a0
argus[6932]: 13 Aug 06 12:40:55.393197 Arguslookup_pcap_callback(113) returning ArgusSllPacket(): 0x8056388
argus[6932]: 13 Aug 06 12:40:55.393749 ArgusPushBackList (0x8121b00, 0x8121f00, 0) returning 1
argus[6932]: 13 Aug 06 12:40:55.396527 ArgusInitSource() returning
argus[6932]: 13 Aug 06 12:40:55.397170 ArgusCalloc (1, 28) returning 0x8122b00
argus[6932]: 13 Aug 06 12:40:55.397686 ArgusNewList () returning 0x8122b00
argus[6932]: 13 Aug 06 12:40:55.398259 ArgusCalloc (1, 128) returning 0x8122b80
argus[6932]: 13 Aug 06 12:40:55.398973 ArgusGenerateInitialMar() returning
argus[6932]: 13 Aug 06 12:40:55.401565 ArgusCalloc (1, 65616) returning 0x8123180
argus[6932]: 13 Aug 06 12:40:55.402173 ArgusCalloc (1, 28) returning 0x8122c80
argus[6932]: 13 Aug 06 12:40:55.402674 ArgusNewList () returning 0x8122c80
argus[6932]: 13 Aug 06 12:40:55.403308 ArgusNewSocket (6) returning 0x8123180
argus[6932]: 13 Aug 06 12:40:55.404049 ArgusDeleteList (0x0) returning
argus[6932]: 13 Aug 06 12:40:55.404596 ArgusEstablishListen(561, 127.0.0.1, 0xbffffa60)
argus[6932]: 13 Aug 06 12:40:55.412745 ArgusEstablishListen(561, 0xbffffa60) binding: 16777343
argus[6932]: 13 Aug 06 12:40:55.413878 ArgusEstablishListen(561, 0xbffffa60) returning 7
argus[6932]: 13 Aug 06 12:40:55.414405 ArgusInitOutput() done
argus[6932]: 13 Aug 06 12:40:55.415040 started
argus[6932]: 13 Aug 06 12:40:55.423232 ArgusCalloc (1, 20) returning 0x8133280

The file /var/log/argus3/ippp0/argus3-ippp0.cap stays empty until I press Ctrl-C.
Then it has 24 bytes :-(

-- 
 Alles Gute / best wishes  
     Dietmar Goldbeck         E-Mail: dietmar.goldbeck at schotterweg.de
Reporter (to Mahatma Gandhi): Mr Gandhi, what do you think of Western
Civilization?  Gandhi: I think it would be a good idea.
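
Added example, not part of the original thread and not Argus code: a classic libpcap file begins with a 24-byte global header, so a 24-byte capture file is consistent with a header and zero packet records. The sketch below parses that header and counts complete records; the name inspect_pcap and the sample bytes are constructed for illustration.

```python
import struct

# Classic libpcap magic as stored on disk -> (struct byte order, timestamp unit)
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "usec"), b"\xa1\xb2\xc3\xd4": (">", "usec"),
    b"\x4d\x3c\xb2\xa1": ("<", "nsec"), b"\xa1\xb2\x3c\x4d": (">", "nsec"),
}
GLOBAL_HDR_LEN = 24  # magic, version, thiszone, sigfigs, snaplen, linktype
RECORD_HDR_LEN = 16  # ts_sec, ts_frac, incl_len, orig_len
DLT_LINUX_SLL = 113  # Linux cooked capture; matches the 113 in the debug output


def inspect_pcap(data):
    """Summarise a classic libpcap file: header fields and complete records."""
    if len(data) < GLOBAL_HDR_LEN or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic libpcap file")
    order, unit = PCAP_MAGICS[data[:4]]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:GLOBAL_HDR_LEN])
    packets, offset, truncated = 0, GLOBAL_HDR_LEN, False
    while offset < len(data):
        end_hdr = offset + RECORD_HDR_LEN
        if end_hdr > len(data):
            truncated = True  # file ends inside a record header
            break
        incl_len = struct.unpack(order + "IIII", data[offset:end_hdr])[2]
        if end_hdr + incl_len > len(data):
            truncated = True  # file ends inside the packet bytes
            break
        offset, packets = end_hdr + incl_len, packets + 1
    return {"version": (major, minor), "unit": unit, "snaplen": snaplen,
            "linktype": linktype, "packets": packets, "truncated": truncated,
            "header_only": len(data) == GLOBAL_HDR_LEN}


# Constructed sample input (not taken from the thread): a header-only file and
# the same header followed by one 4-byte packet record.
HEADER_ONLY = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1500, DLT_LINUX_SLL)
ONE_PACKET = HEADER_ONLY + struct.pack("<IIII", 1155465655, 342120, 4, 4) + b"\x00" * 4

if __name__ == "__main__":
    for name, blob in (("header only", HEADER_ONLY), ("one packet", ONE_PACKET)):
        print(name, len(blob), "bytes ->", inspect_pcap(blob))
```

Reading a real capture with open(path, "rb").read() and passing the bytes to inspect_pcap shows whether any packet records were written after the header.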


