radium things

Robin Gruyters r.gruyters at yirdis.nl
Tue Jun 13 08:27:59 EDT 2006


Quoting carter at qosient.com:

> Hey Robin,
> How about syslog messages in (not sure of your system)   
> /var/log/messages?  Regardless, the -w option should work, so I'll   
> check it out later this afternoon.
>
Nope, nothing. Altough I have quite alot of these messages

[...]
Jun 13 11:12:41 development radium[89367]: 11:12:41.611508   
ArgusCheckClientStatus: accept: Socket operation on non-socket
Jun 13 11:12:41 development radium[89367]: 11:12:41.631489   
ArgusCheckClientStatus: accept: Socket operation on non-socket
Jun 13 11:12:41 development radium[89367]: 11:12:41.651464   
ArgusCheckClientStatus: accept: Socket operation on non-socket
[...]

This was before I was trying to bind to a port. I had a radium proces  
running over the weekend and logging directly to logfile (-w  
/data2/argus/argus.radium)

[...]
# grep radium /var/log/all.log* | grep ArgusCheckClientStatus | wc -l
  16231130
#
[...]

It's a huge list!

Regards,

Robin


> Carter
>
> Carter Bullard
> QoSient LLC
> 150 E. 57th Street Suite 12D
> New York, New York 10022
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax
>
> -----Original Message-----
> From: Robin Gruyters <r.gruyters at yirdis.nl>
> Date: Tue, 13 Jun 2006 11:23:17
> To:carter at qosient.com
> Cc:Argus <argus-info at lists.andrew.cmu.edu>
> Subject: Re: [ARGUS] radium things
>
> Quoting carter at qosient.com:
>
>> So I am not getting any kind of problems with radium. You will have
>> to be root to listen on any privledged ports ( under 1024 ).
>> You should have gotten some form of error messages?
>>
> Nope no messages. I notice when starting radium without the '-w'
> option it creates a listing port (default 561)
>
> [...]
> # radium -d -P561 -Slocalhost:562
> # netstat -na|grep 561
> tcp4       0      0  *.561                  *.*                    LISTEN
> #
> [...]
>
> If I add the '-w' option
>
> [...]
> # radium -d -P561 -Slocalhost:562 -w /data2/argus/argus.radium
> # netstat -na|grep 561
> #
> [...]
>
> Regards,
>
> Robin
>
>> Carter
>>
>>
>> Carter Bullard
>> QoSient LLC
>> 150 E. 57th Street Suite 12D
>> New York, New York 10022
>> +1 212 588-9133 Phone
>> +1 212 588-9134 Fax
>>
>> -----Original Message-----
>> From: Robin Gruyters <r.gruyters at yirdis.nl>
>> Date: Fri, 09 Jun 2006 15:12:55
>> To:Argus <argus-info at lists.andrew.cmu.edu>
>> Subject: [ARGUS] radium things
>>
>> Hi ya,
>>
>> I was testing the new radium tool and notice a few things:
>>
>> 1) It coredumps when connecting with non-root account to remote
>> Argus daemons.
>>     $ radium -Slocalhost:562 -Slocalhost:563 -w /tmp/argus.radium
>>     Bus error (core dumped)
>>
>> 2) When trying to run radium as a server (-P561) it won't create a listening
>>     interface.
>>
>> Regards,
>>
>> Robin Gruyters
>> Network and Security Engineer
>> Yirdis B.V.
>> I: http://yirdis.com
>> P: +31 (0)36 5300394
>> F: +31 (0)36 5489119
>>
>>
>>
>
>
>
>




More information about the argus mailing list