Reading Argus records on FreeBSD i386 or amd64
Richard Johnson
rdump at river.com
Mon Jan 2 22:09:37 EST 2006
At 21:11 -0500 on 2006-01-02, Richard Bejtlich wrote:
> Hello,
>
> Issue 1:
>
> Should data generated from Argus reading a Libpcap trace on FreeBSD
> amd64 be readable using the ra client on FreeBSD i386?
They should, but as a practical matter they likely won't be. Argus is not
yet 64bit clean.
> On each platform, the ra client can read records generated on that platform.
> ...
> On FreeBSD amd64 (sensor01) I get 0 records when passing a filter on
> Argus data generated on that platform.
That matches fairly well with my experience. Attempting to send records to
an amd64 system, whether from an amd64 system or an i386 system, didn't
work.
I've switched back to using high-end i386 systems, as I was fairly sure
that we wouldn't get anything useful to (or from) an amd64 box without some
significant code tweaks.
Richard
More information about the argus
mailing list