argus-3.0.0.rc.3 on Linux with ring buffer
Peter Van Epp
vanepp at sfu.ca
Thu Jun 8 12:16:45 EDT 2006
Indeed /var/log/messages from yesterday afternoon indicates what
argus was unhappy about:
Jun 7 13:31:59 sniffer kernel: RING: allocated 7181 slots [slot_len=146][tot_mem=1048576]
Jun 7 13:31:59 sniffer kernel: NET: Registered protocol family 17
Jun 7 13:31:59 sniffer kernel: device eth1 entered promiscuous mode
Jun 7 13:31:59 sniffer kernel: RING: succesfully allocated 1024 KB [tot_mem=598598076][order=8]
Jun 7 13:31:59 sniffer kernel: RING: allocated 7181 slots [slot_len=146][tot_mem=1048576]
Jun 7 13:31:59 sniffer kernel: device eth0 entered promiscuous mode
Jun 7 13:31:59 sniffer argus[8684]: 07 Jun 06 13:31:59.179816 ArgusGetInterfaceStatus: interface eth1 is up
Jun 7 13:31:59 sniffer argus[8684]: 07 Jun 06 13:31:59.180040 ArgusGetInterfaceStatus: interface eth0 is up
Jun 7 13:32:06 sniffer argus[8684]: 07 Jun 06 13:32:06.292892 ArgusUpdateFRAGState (0x8153c80, 32) not frag struct
Jun 7 13:32:06 sniffer argus[8684]: 07 Jun 06 13:32:06.451750 stopped
Now to see if it does it again and if I can catch it with a tcpdump ...
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
More information about the argus
mailing list