argus-clients-3.0.0.rc.3: rabins coredumps
Robin Gruyters
r.gruyters at yirdis.nl
Thu Jun 8 11:01:08 EDT 2006
Quoting Carter Bullard <carter at qosient.com>:
> Ok, when debugging clients, if they blow up, it's generally input
> specific. So, at some time in debugging clients we probably will
> need some subset of data to chase it down.
>
> But before we get there, because the clients share so much
> code, the first thing to do in chasing down a client
> bug is to see if other ra* programs also have the same problem.
>
> But, before that, we have to make sure that the client is being
> run correctly, and your rabins() example may be a problem with
> parameters. You aren't running rabins with any description of
> how to "bin" the data. I know this is a line out of ragraph.pl,
> but ragraph adds a few more parameters.
>
> Is this argus-2.0 data?
>
No, this is from argus 3.0.0.rc.3. I'm testing it first on our
development server (which has no history of Argus use).
> Try ' rabins -M time 5m soft zero -r /data2/argus/argus.out'
> to see if you get any output.
>
Well, I get data, but at the end I get a "segfault".
> If that has problems, then we need to make sure that it's rabins
> specific. racount() is the program I use for testing this.
> It's good because it doesn't do anything to the input records,
> other than parse them.
>
> So,...., the second step should be, can racount() read the file?
>
When I run racount() without '-a' or '-c' option, it works fine, but
when trying to run it with either option I get the following error:
[...]
racount[57412]: 16:59:36.034059 argus.out filter syntax error
racount records total_pkts src_pkts dst_pkts total_bytes src_bytes dst_bytes
sum 0 0 0 0 0 0 0
[...]
Regards,
Robin
> If, yes, then can ra() parse and print each record, so, the 3rd
> step would be to try ' ra -r /data2/argus/argus.out > test.out',
> then with the specific parameters, etc.....
>
> If you have problems with all these strategies, then it's to the
> debugger.
>
> Carter
>
>
>
>
> On Jun 8, 2006, at 5:14 AM, Robin Gruyters wrote:
>
>> Hello,
>>
>> When I try to execute the following command, it coredumps on me... :(
>>
>> [...]
>> $ sudo rabins -M soft zero -p6 -GL0 -s lasttime -r
>> /data2/argus/argus.out -w /tmp/ragraph.out
>> Floating point exception (core dumped)
>> [...]
>>
>> I'm running Argus (3.0.0.rc.3) on FreeBSD 5.4-RELEASE-p11.
>>
>> Regards,
>>
>> Robin Gruyters
>> Network and Security Engineer
>> Yirdis B.V.
>> I: http://yirdis.com
>> P: +31 (0)36 5300394
>> F: +31 (0)36 5489119
>>
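
The triage order described in this thread (racount, then ra, then rabins with binning parameters), as an added example that is not part of the original messages and is not Argus project code. The function names `classify`, `run_step` and `triage` are hypothetical, the command lines are the ones quoted above, and the 128+signal decoding assumes the usual shell exit-status convention with Linux/FreeBSD signal numbers.

```bash
#!/bin/sh
# Added example: run the ra* clients in the order suggested in the thread
# and report which one is the first to fail on the same input file.

# classify STATUS: turn a shell exit status into a readable result.
# Shells report "killed by signal N" as status 128+N.
classify() {
    case $1 in
        0)   echo "ok" ;;
        134) echo "killed by SIGABRT" ;;
        136) echo "killed by SIGFPE" ;;   # "Floating point exception"
        139) echo "killed by SIGSEGV" ;;  # "Segmentation fault"
        *)   if [ "$1" -gt 128 ]; then
                 echo "killed by signal $(($1 - 128))"
             else
                 echo "exit $1"
             fi ;;
    esac
}

# run_step LABEL CMD...: run one client, discard its output, record failure.
run_step() {
    label=$1; shift
    rc=0
    "$@" >/dev/null 2>&1 || rc=$?
    printf '%-8s %s\n' "$label" "$(classify "$rc")"
    [ "$rc" -eq 0 ] || { [ -n "$first_bad" ] || first_bad=$label; }
    return 0
}

# triage FILE: the three steps from the thread, then a verdict.
triage() {
    first_bad=""
    run_step racount racount -r "$1"                       # parse only
    run_step ra      ra -r "$1"                            # parse and print
    run_step rabins  rabins -M time 5m soft zero -r "$1"   # bin the records
    case $first_bad in
        "")     echo "verdict: no failure reproduced" ;;
        rabins) echo "verdict: rabins-specific (binning code or its parameters)" ;;
        *)      echo "verdict: $first_bad fails too, suspect shared client code or the input" ;;
    esac
}

# Usage: sh triage.sh /data2/argus/argus.out
if [ "$#" -gt 0 ]; then triage "$1"; fi
```

If the verdict is not rabins-specific, the next step from the thread applies: cut the input down to a subset that still reproduces the crash, then go to the debugger.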