new argus and argus-clients code available

carter at qosient.com carter at qosient.com
Wed Jun 14 07:37:36 EDT 2006 

It looks like you could be overflowing the command line argv array?  The ra* programs support:
    racount -R /data2/argus/05

The counts are being printed incorrectly because the counters are now 64-bit, and I bet your system isn't handling the %ll properly.  Does your machine use %L?

So what kind of machine is this?  

Carter

Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax  

-----Original Message-----
From: Robin Gruyters <r.gruyters at yirdis.nl>
Date: Wed, 14 Jun 2006 09:20:26 
To:argus-info at lists.andrew.cmu.edu
Subject: Re: [ARGUS] new argus and argus-clients code available

Hello,

Tested the racount on a copy of last month data, and this whats happens:

[...]
# racount -ar /data2/argus/05/*/*
racount[55289]: syslog: unknown facility/priority: 302f7375
racount[55289]: 09:04:44.789405   
/data2/argus/05/01/argus.2006.05.01.00.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.01.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.02.00.01.bz2  
/data2/argus/05/01/argus.2006.05.01.03.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.04.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.05.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.06.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.07.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.08.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.09.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.10.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.11.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.12.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.13.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.14.00.01.bz2  
/data2/argus/05/01/argus.2006.05.01.15.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.16.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.17.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.18.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.19.00.00.bz2 /data2/argu
Segmentation fault (core dumped)
[...]

The archived data is from argus-2.0.6.

If I remove the "-a" option, it works fine. Also tested with "ra" tool:

[...]
# ra -ar /data2/argus/05/*/*
ra[57228]: syslog: unknown facility/priority: 302f7375
ra[57228]: 09:10:36.838177   
/data2/argus/05/01/argus.2006.05.01.00.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.01.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.02.00.01.bz2  
/data2/argus/05/01/argus.2006.05.01.03.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.04.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.05.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.06.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.07.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.08.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.09.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.10.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.11.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.12.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.13.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.14.00.01.bz2  
/data2/argus/05/01/argus.2006.05.01.15.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.16.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.17.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.18.00.00.bz2  
/data2/argus/05/01/argus.2006.05.01.19.00.00.bz2 /data2/argus/05/
Segmentation fault (core dumped)
[...]

Also the output from racount isn't correct! (does not match with the  
current racount from 2.0.6)

[old racount from 2.0.6]
# racount -r /data2/argus/archive/05/*/* - net 82.148.219.xxx/28
racount    records       total_pkts         src_pkts         dst_pkts   
     total_bytes        src_bytes        dst_bytes
     sum    1800024         85963657         35640845         50322812  
      59584466433       8453613521      51130852912
[end]

[new racount from 3.0.0-rc.8]
# racount -r /data2/argus/05/*/* - net 82.148.219.xxx/28
racount   records     total_pkts     src_pkts       dst_pkts        
total_bytes        src_bytes          dst_bytes
     sum   1800947     0              85965236       0               
35641713           0                  50323523
[end]

The total_pkts, dst_pkts and src_bytes are 0 (=zero).

Regards,

Robin

Quoting Carter Bullard <carter at qosient.com>:

> Gentle people,
>   New code on the server.  It doesn't fix everything (radium problem
> not addressed) but porting issues should be addressed, and
> argus-2.0 backward compatibility is working again.  Please
> give this new a code a run down.
>
> ftp://qosient.com/dev/argus-3.0
>
> Thanks!!!!
> Carter

More information about the argus mailing list