argus-clients-3.0.0.rc.3: rabins coredumps

Carter Bullard carter at qosient.com
Thu Jun 8 13:59:38 EDT 2006


Hey Robin,
    The -a and -c options are screwed up, as the implementation
has them taking an argument, but the argus clients don't parse
them, so ....., it will think that anything after the -a or -c is a
filter.

     I'll fix the flags.

Carter


On Jun 8, 2006, at 11:01 AM, Robin Gruyters wrote:

> Quoting Carter Bullard <carter at qosient.com>:
>
>> Ok, when debugging clients, if they blow up, it's generally input
>> specific.   So, at some time in debugging clients we probably will
>> need some subset of data to chase it down.
>>
>> But before we get there, because the clients share so much
>> code, the first thing to do in chasing down a client
>> bug is to see if other ra* programs also have the same problem.
>>
>> But, before that, we have to make sure that the client is being
>> run correctly, and your rabins() example may be a problem with
>> parameters.  You aren't running rabins with any description of
>> how to "bin" the data.   I know this is a line out of ragraph.pl,
>> but ragraph adds a few more parameters.
>>
>> Is this argus-2.0 data?
>>
> No, this is from argus 3.0.0.rc.3. I'm testing it first on our  
> development server. (which has no history of Argus use)
>
>> Try   ' rabins -M time 5m soft zero -r /data2/argus/argus.out'
>> to see if you get any output.
>>
> Well, I get data, but at the end I get a "segfault".
>
>> If that has problems, then we need to make sure that it's rabins
>> specific.  racount() is the program I use for testing this.
>> It's good because it doesn't do anything to the input records,
>> other than parse them.
>>
>> So,...., the second step should be, can racount() read the file?
>>
> When I run racount() without '-a' or '-c' option, it works fine,  
> but when trying to run it with either option I get the following  
> error:
>
> [...]
> racount[57412]: 16:59:36.034059  argus.out filter syntax error
> racount   records     total_pkts     src_pkts       dst_pkts       total_bytes        src_bytes          dst_bytes
>     sum   0           0              0              0              0                  0                  0
> [...]
>
>
> Regards,
>
> Robin
>
>> If, yes, then can ra() parse and print each record, so, the 3rd
>> step would be to try  ' ra -r /data2/argus/argus.out > test.out',
>> then with the specific parameters, etc.....
>>
>> If you have problems with all these strategies, then it's to the
>> debugger.
>>
>> Carter
>>
>>
>>
>>
>> On Jun 8, 2006, at 5:14 AM, Robin Gruyters wrote:
>>
>>> Hello,
>>>
>>> When I try to execute the following command, it coredumps on  
>>> me... :(
>>>
>>> [...]
>>> $ sudo rabins -M soft zero -p6 -GL0 -s lasttime -r /data2/argus/argus.out -w /tmp/ragraph.out
>>> Floating point exception (core dumped)
>>> [...]
>>>
>>> I'm running Argus (3.0.0.rc.3) on FreeBSD 5.4-RELEASE-p11.
>>>
>>> Regards,
>>>
>>> Robin Gruyters
>>> Network and Security Engineer
>>> Yirdis B.V.
>>> I: http://yirdis.com
>>> P: +31 (0)36 5300394
>>> F: +31 (0)36 5489119
>>>
>
>

Carter Bullard
CEO/President
QoSient, LLC
150 E. 57th Street Suite 12D
New York, New York 10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax




