User data capture doesn't work with argus-3.0.0.rc.25
carter at qosient.com
Sun Aug 13 10:06:00 EDT 2006
Hey Dietmar,
I'm not going to be able to change the code for a few days, so I would suggest that you use ethereal, wireshark, or tcpdump to generate the packet file.
That way you get some additional validation that the problem may not be argus.
Carter
------Original Message------
To: Dietmar Goldbeck
Cc: Argus
Sent: Aug 13, 2006 9:54 AM
Subject: Re: User data capture doesn't work with argus-3.0.0.rc.25
Hey Dietmar,
It may be the interface type. Your packet handler, ArgusSllPacket(), may not make the correct call outs. I'll take a look.
Carter
------Original Message------
From: Dietmar Goldbeck
To: Carter Bullard
Cc: Argus
Sent: Aug 13, 2006 6:44 AM
Subject: User data capture doesn't work with argus-3.0.0.rc.25
Hello Carter,
While trying to test racluster, I couldn't get argus3 to also write in
libpcap output.
With the following argus3.conf file:
ARGUS_DAEMON=no
ARGUS_DEBUG_LEVEL=7
ARGUS_MONITOR_DATA=`hostname`
ARGUS_ACCESS_PORT=561
ARGUS_INTERFACE=ippp0
ARGUS_SET_PID=no
ARGUS_GO_PROMISCUOUS=yes
ARGUS_FLOW_STATUS_INTERVAL=10
ARGUS_GENERATE_START_RECORDS=no
ARGUS_GENERATE_RESPONSE_TIME_DATA=yes
ARGUS_GENERATE_JITTER_DATA=yes
ARGUS_GENERATE_MAC_DATA=yes
ARGUS_FILTER_OPTIMIZER=no
ARGUS_CAPTURE_DATA_LEN=1500
ARGUS_BIND_IP="127.0.0.1"
ARGUS_PACKET_CAPTURE_FILE="/var/log/argus3/ippp0/argus3-ippp0.cap"
ARGUS_OUTPUT_FILE="/var/log/argus3/ippp0/argus-ippp0.log"
starting as:
/usr/local/argus-3.0.0.rc.25/sbin/argus -F /etc/argus/argus3-ippp0.conf
Debugging Output:
argus[6932]: 13 Aug 06 12:40:55.342120 setArgusPortNum(561) returning
argus[6932]: 13 Aug 06 12:40:55.344467 clearArgusDevice(0xb7cec080) returning
argus[6932]: 13 Aug 06 12:40:55.345128 ArgusCalloc (1, 28) returning 0x8121b00
argus[6932]: 13 Aug 06 12:40:55.345654 ArgusNewList () returning 0x8121b00
argus[6932]: 13 Aug 06 12:40:55.346277 ArgusCalloc (1, 8) returning 0x8121f00
argus[6932]: 13 Aug 06 12:40:55.346944 ArgusPushFrontList (0x8121b00, 0x8121f00, 0) returning 0xbfffeb48
argus[6932]: 13 Aug 06 12:40:55.347489 setArgusDevice(ippp0) returning
argus[6932]: 13 Aug 06 12:40:55.348572 ArgusParseResourceFile: ArgusBindAddr "(null)"
argus[6932]: 13 Aug 06 12:40:55.349290 ArgusParseResourceFile: ArgusPacketCaptureFile "/var/log/argus3/ippp0/argus3-ippp0.cap"
argus[6932]: 13 Aug 06 12:40:55.349886 ArgusDeleteList (0x0) returning
argus[6932]: 13 Aug 06 12:40:55.350509 ArgusCalloc (1, 28) returning 0x8121f80
argus[6932]: 13 Aug 06 12:40:55.351189 ArgusNewList () returning 0x8121f80
argus[6932]: 13 Aug 06 12:40:55.352529 ArgusCalloc (1, 12) returning 0x8122080
argus[6932]: 13 Aug 06 12:40:55.353170 ArgusPushFrontList (0x8121f80, 0x8122080, 0) returning 0x0
argus[6932]: 13 Aug 06 12:40:55.353770 ArgusParseResourceFile (/etc/argus/argus3-ippp0.conf) returning
argus[6932]: 13 Aug 06 12:40:55.354521 setArgusInterfaceStatus(1)
argus[6932]: 13 Aug 06 12:40:55.392058 ArgusInitSource() pcap_open_live() returned 0x81220a0
argus[6932]: 13 Aug 06 12:40:55.393197 Arguslookup_pcap_callback(113) returning ArgusSllPacket(): 0x8056388
argus[6932]: 13 Aug 06 12:40:55.393749 ArgusPushBackList (0x8121b00, 0x8121f00, 0) returning 1
argus[6932]: 13 Aug 06 12:40:55.396527 ArgusInitSource() returning
argus[6932]: 13 Aug 06 12:40:55.397170 ArgusCalloc (1, 28) returning 0x8122b00
argus[6932]: 13 Aug 06 12:40:55.397686 ArgusNewList () returning 0x8122b00
argus[6932]: 13 Aug 06 12:40:55.398259 ArgusCalloc (1, 128) returning 0x8122b80
argus[6932]: 13 Aug 06 12:40:55.398973 ArgusGenerateInitialMar() returning
argus[6932]: 13 Aug 06 12:40:55.401565 ArgusCalloc (1, 65616) returning 0x8123180
argus[6932]: 13 Aug 06 12:40:55.402173 ArgusCalloc (1, 28) returning 0x8122c80
argus[6932]: 13 Aug 06 12:40:55.402674 ArgusNewList () returning 0x8122c80
argus[6932]: 13 Aug 06 12:40:55.403308 ArgusNewSocket (6) returning 0x8123180
argus[6932]: 13 Aug 06 12:40:55.404049 ArgusDeleteList (0x0) returning
argus[6932]: 13 Aug 06 12:40:55.404596 ArgusEstablishListen(561, 127.0.0.1, 0xbffffa60)
argus[6932]: 13 Aug 06 12:40:55.412745 ArgusEstablishListen(561, 0xbffffa60) binding: 16777343
argus[6932]: 13 Aug 06 12:40:55.413878 ArgusEstablishListen(561, 0xbffffa60) returning 7
argus[6932]: 13 Aug 06 12:40:55.414405 ArgusInitOutput() done
argus[6932]: 13 Aug 06 12:40:55.415040 started
argus[6932]: 13 Aug 06 12:40:55.423232 ArgusCalloc (1, 20) returning 0x8133280
The file /var/log/argus3/ippp0/argus3-ippp0.cap stays empty until I press Ctrl-C.
Then it has 24 bytes :-(
--
Alles Gute / best wishes
Dietmar Goldbeck E-Mail: dietmar.goldbeck at schotterweg.de
Reporter (to Mahatma Gandhi): Mr Gandhi, what do you think of Western
Civilization? Gandhi: I think it would be a good idea.
Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax
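
A quick check for the 24-byte capture file reported in this thread, as an added example that is not part of the original messages or of the Argus code: 24 bytes is exactly the size of a libpcap global file header, so a file of that length holds the header and no packet records. The function name inspect_pcap and the sample byte strings are constructed for illustration; link type 113 (DLT_LINUX_SLL) matches the value in the debug output.

```python
import struct

PCAP_HDR_LEN = 24      # libpcap global file header size in bytes
REC_HDR_LEN = 16       # per-packet record header size in bytes
DLT_LINUX_SLL = 113    # Linux cooked capture, the type seen in the debug log
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def inspect_pcap(data: bytes) -> dict:
    """Parse a classic libpcap file image and count complete packet records."""
    if len(data) < PCAP_HDR_LEN:
        raise ValueError("shorter than a libpcap global header")
    endian = MAGICS.get(data[:4])
    if endian is None:
        raise ValueError("unknown magic, not a classic libpcap file")
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:PCAP_HDR_LEN])
    packets, truncated, off = 0, False, PCAP_HDR_LEN
    while off < len(data):
        if off + REC_HDR_LEN > len(data):
            truncated = True          # partial record header at end of file
            break
        caplen = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        if off + REC_HDR_LEN + caplen > len(data):
            truncated = True          # record body cut short
            break
        packets += 1
        off += REC_HDR_LEN + caplen
    return {"version": (major, minor), "snaplen": snaplen,
            "linktype": linktype, "packets": packets,
            "header_only": len(data) == PCAP_HDR_LEN, "truncated": truncated}

# Constructed sample inputs (not taken from the reporter's system).
HEADER_ONLY = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_LINUX_SLL)
ONE_PACKET = HEADER_ONLY + struct.pack("<IIII", 0, 0, 4, 4) + b"\x00" * 4

if __name__ == "__main__":
    for name, blob in (("header only", HEADER_ONLY), ("one packet", ONE_PACKET)):
        print(name, len(blob), inspect_pcap(blob))
```

To check a real file, pass its contents: inspect_pcap(open(path, "rb").read()).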