argus-clients-3.0.0.rc.3: rabins coredumps

Carter Bullard carter at qosient.com
Thu Jun 8 11:37:21 EDT 2006


Hey Robin,
Ok, so we need some ground rules on these bug reports.

For command line errors, the only way to know what the issue
could be, is to see exactly how the command was called.  So,
I need the exact command line that you used to understand
if it's driver error or a bug, especially when it's saying 'syntax
error' :o)

I removed so much code from the original clients, that there
will be problems, just hope there aren't a billion of them.

So a segfault at the end, here is a patch that works.

*** argus_client.c.orig 2006-06-08 11:52:11.000000000 -0400
--- argus_client.c      2006-06-08 11:52:29.000000000 -0400
***************
*** 805,817 ****
      struct ArgusRecordStruct *retn = NULL;
      unsigned int status = 0;

-    parser->ArgusReverse = 0;
-
      if (argus == NULL) {
         if (parser == NULL) {
            retn = &ArgusGenerateRecordStructBuf;
            bzero ((char *)retn, sizeof(*retn));
         } else {
            retn = &parser->argus;
         }

--- 805,816 ----
      struct ArgusRecordStruct *retn = NULL;
      unsigned int status = 0;

      if (argus == NULL) {
         if (parser == NULL) {
            retn = &ArgusGenerateRecordStructBuf;
            bzero ((char *)retn, sizeof(*retn));
         } else {
+          parser->ArgusReverse = 0;
            retn = &parser->argus;
         }
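
Review bot: In the new `else` branch, `parser->ArgusReverse = 0;` now runs only when `argus == NULL` and `parser` is non-NULL, whereas the original reset it on every call before the `if (argus == NULL)` test. Moving it removes the dereference of a possibly NULL `parser`, but callers that pass a non-NULL `argus` now keep whatever `ArgusReverse` held from the previous record. If the reset is meant to apply on every call, keep it ahead of the `if (argus == NULL)` test and guard it with `if (parser != NULL)`. If the narrower scope is intended, a short comment on the added line saying why the reset belongs only to this branch would help.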

Carter


On Jun 8, 2006, at 11:01 AM, Robin Gruyters wrote:

> Quoting Carter Bullard <carter at qosient.com>:
>
>> Ok, when debugging clients, if they blow up, it's generally input
>> specific.   So, at some time in debugging clients we probably will
>> need some subset of data to chase it down.
>>
>> But before we get there, because the clients share so much
>> code, the first thing to do in chasing down a client
>> bug is to see if other ra* programs also have the same problem.
>>
>> But, before that, we have to make sure that the client is being
>> run correctly, and your rabins() example may be a problem with
>> parameters.  You aren't running rabins with any description of
>> how to "bin" the data.   I know this is a line out of ragraph.pl,
>> but ragraph adds a few more parameters.
>>
>> Is this argus-2.0 data?
>>
> No, this is from argus 3.0.0.rc.3. I'm testing it first on our  
> development server. (which has no history of Argus use)
>
>> Try   ' rabins -M time 5m soft zero -r /data2/argus/argus.out'
>> to see if you get any output.
>>
> Well, I get data, but at the end I get a "segfault".
>
>> If that has problems, then we need to make sure that it's rabins
>> specific.  racount() is the program I use for testing this.
>> It's good because it doesn't do anything to the input records,
>> other than parse them.
>>
>> So,...., the second step should be, can racount() read the file?
>>
> When I run racount() without '-a' or '-c' option, it works fine,  
> but when trying to run it with either option I get the following  
> error:
>
> [...]
> racount[57412]: 16:59:36.034059  argus.out filter syntax error
> racount   records     total_pkts     src_pkts       dst_pkts        
> total_bytes        src_bytes          dst_bytes
>     sum   0           0              0              0               
> 0                  0                  0
> [...]
>
>
> Regards,
>
> Robin
>
>> If, yes, then can ra() parse and print each record, so, the 3rd
>> step would be to try  ' ra -r /data2/argus/argus.out > test.out',
>> then with the specific parameters, etc.....
>>
>> If you have problems with all these strategies, then it's to the
>> debugger.
>>
>> Carter
>>
>>
>>
>>
>> On Jun 8, 2006, at 5:14 AM, Robin Gruyters wrote:
>>
>>> Hello,
>>>
>>> When I try to execute the following command, it coredumps on  
>>> me... :(
>>>
>>> [...]
>>> $ sudo rabins -M soft zero -p6 -GL0 -s lasttime -r  /data2/argus/ 
>>> argus.out -w /tmp/ragraph.out
>>> Floating point exception (core dumped)
>>> [...]
>>>
>>> I'm running Argus (3.0.0.rc.3) on FreeBSD 5.4-RELEASE-p11.
>>>
>>> Regards,
>>>
>>> Robin Gruyters
>>> Network and Security Engineer
>>> Yirdis B.V.
>>> I: http://yirdis.com
>>> P: +31 (0)36 5300394
>>> F: +31 (0)36 5489119
>>>
>
>




