debugging argus on tun interface
Peter Van Epp
vanepp at sfu.ca
Thu Feb 23 16:23:13 EST 2006
On Thu, Feb 23, 2006 at 01:04:06PM -0600, eric wrote:
> On Thu, 2006-02-23 at 19:01:47 +0000, poncenby smythe proclaimed...
>
> > i'm trying to get argus to collect flow data on a tun interface,
> > which is actually a USB adsl modem (speedtouch) plugged into a box
> > running openbsd 3.8 generic.
> >
> > when i execute the argus daemon it simply exits. how do I compile
> > argus with debugging enabled?
>
> cd <argus source dir>
> touch .debug .devel
> ./configure
> make
>
> > and which version of argus shall i use? 2.0.6 from the
> > website or a development version from the ftp site?
>
> There's problems building 2.0.6.fixes.1 due to the Makefile not finding some
> of the man pages, etc. Just touch(1) each one as you go. Then build clients
> and install them.

As Eric said, 2.0.6.fixes.1 is the latest version (with bug fixes) and
there are some more patches (not immediately needed probably) after that.
I'm running 2.0.6.fixes.1 + patches in production here and have been since
it came out a couple of years ago.

Does tcpdump work on the tun interface on your machine? It uses libpcap
just like argus and would be a good first step down this path (i.e. make sure
libpcap is happy with a tun device which it well may be). I have some
recollection of discussion of the tun device a long time in the past but I
don't remember if anyone ever made one work.

Adding -D number to the argus command line will get it to print
diagnostic messages (you probably want to start at 1 and increase until
something comes out :-)) which may give you a place to look, then gdb is
your friend :-). Checking /var/log/messages for complaints from argus would
also be a good bet (I suspect you will find it's something to do with trying to
open the tun device from libpcap that fails). I'm the one that usually makes
sure new argus versions at least build on the BSDs (and openbsd is the most
picky :-)) so feel free to ask the list if you have questions. As noted earlier
I intend on publishing a complete fixes.1 patch set hopefully soon.

Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada