argus-clients-3.0.0.rc.3: rabins coredumps

Robin Gruyters r.gruyters at yirdis.nl
Thu Jun 8 11:01:08 EDT 2006


Quoting Carter Bullard <carter at qosient.com>:

> Ok, when debugging clients, if they blow up, its generally input
> specific.   So, at some time in debugging clients we probably will
> need some subset of data to chase it down.
>
> But before we get there, because the clients share so much
> code, the first thing to do in chasing down a client
> bug is to see if other ra* programs also have the same problem.
>
> But, before that, we have to make sure that the client is being
> run correctly, and your rabins() example maybe a problem with
> parameters.  You aren't running rabins with any description of
> how to "bin" the data.   I know this is a line out of ragraph,pl,
> but ragraph adds a few more parameters.
>
> Is this argus-2.0 data?
>
No, this is from argus 3.0.0.rc.3. I'm testing it first on our  
development server. (which has no history of Argus use)

> Try   ' rabins -M time 5m soft zero -r /data2/argus/argus.out'
> to see if you get any output.
>
Well, I get data, but at the end I get a "segfault".

> If that has problems, then we need to make sure that its rabins
> specific.  racount() is the program I use for testing this.
> Its good because it doesn't do anything to the input records,
> other than parse them.
>
> So,...., the second step should be, can racount() read the file?
>
When I run racount() without '-a' or '-c' option, it works fine, but  
when trying to run it with either option I get the following error:

[...]
racount[57412]: 16:59:36.034059  argus.out filter syntax error
racount   records     total_pkts     src_pkts       dst_pkts        
total_bytes        src_bytes          dst_bytes
     sum   0           0              0              0              0   
                 0                  0
[...]


Regards,

Robin

> If, yes, then can ra() parse and print each record, so, the 3rd
> step would be to try  ' ra -r /data2/argus/argus.out > test.out',
> then with the specific parameters, etc.....
>
> If you have problems with all these strategies, then its to the
> debugger.
>
> Carter
>
>
>
>
> On Jun 8, 2006, at 5:14 AM, Robin Gruyters wrote:
>
>> Hello,
>>
>> When I try to execute the following command, it coredumps on me... :(
>>
>> [...]
>> $ sudo rabins -M soft zero -p6 -GL0 -s lasttime -r   
>> /data2/argus/argus.out -w /tmp/ragraph.out
>> Floating point exception (core dumped)
>> [...]
>>
>> I'm running Argus (3.0.0.rc.3) on FreeBSD 5.4-RELEASE-p11.
>>
>> Regards,
>>
>> Robin Gruyters
>> Network and Security Engineer
>> Yirdis B.V.
>> I: http://yirdis.com
>> P: +31 (0)36 5300394
>> F: +31 (0)36 5489119
>>




More information about the argus mailing list