new argus and argus-clients code available

Carter Bullard carter at qosient.com
Thu Jun 15 17:27:31 EDT 2006


Hey Robin,
    I can't replicate this bug on any machine, and it's a perplexing one because
of the syslog error warning.  If you feel like doing some gdb debugging I can
walk you through it.
    Is anyone else seeing this type of error?

    So what does the -a option do?
Carter

On Jun 14, 2006, at 3:20 AM, Robin Gruyters wrote:

> Hello,
>
> Tested the racount on a copy of last month's data, and this is what happens:
>
> [...]
> # racount -ar /data2/argus/05/*/*
> racount[55289]: syslog: unknown facility/priority: 302f7375
> racount[55289]: 09:04:44.789405  /data2/argus/05/01/argus. 
> 2006.05.01.00.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.01.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.02.00.01.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.03.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.04.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.05.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.06.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.07.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.08.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.09.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.10.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.11.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.12.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.13.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.14.00.01.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.15.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.16.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.17.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.18.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.19.00.00.bz2 /data2/argu
> Segmentation fault (core dumped)
> [...]
>
> The archived data is from argus-2.0.6.
>
> If I remove the "-a" option, it works fine. Also tested with "ra"  
> tool:
>
> [...]
> # ra -ar /data2/argus/05/*/*
> ra[57228]: syslog: unknown facility/priority: 302f7375
> ra[57228]: 09:10:36.838177  /data2/argus/05/01/argus. 
> 2006.05.01.00.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.01.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.02.00.01.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.03.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.04.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.05.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.06.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.07.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.08.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.09.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.10.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.11.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.12.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.13.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.14.00.01.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.15.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.16.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.17.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.18.00.00.bz2 /data2/argus/05/01/argus. 
> 2006.05.01.19.00.00.bz2 /data2/argus/05/
> Segmentation fault (core dumped)
> [...]
>
> Also the output from racount isn't correct! (does not match with  
> the current racount from 2.0.6)
>
> [old racount from 2.0.6]
> # racount -r /data2/argus/archive/05/*/* - net 82.148.219.xxx/28
> racount    records    total_pkts    src_pkts    dst_pkts    total_bytes     src_bytes     dst_bytes
>     sum    1800024      85963657    35640845    50322812    59584466433    8453613521   51130852912
> [end]
>
> [new racount from 3.0.0-rc.8]
> # racount -r /data2/argus/05/*/* - net 82.148.219.xxx/28
> racount    records    total_pkts    src_pkts    dst_pkts    total_bytes     src_bytes     dst_bytes
>     sum    1800947             0    85965236           0       35641713             0      50323523
> [end]
>
> The total_pkts, dst_pkts and src_bytes are 0 (=zero).
>
> Regards,
>
> Robin
>
> Quoting Carter Bullard <carter at qosient.com>:
>
>> Gentle people,
>>   New code on the server.  It doesn't fix everything (radium problem
>> not addressed) but porting issues should be addressed, and
>> argus-2.0 backward compatibility is working again.  Please
>> give this new code a run down.
>>
>> ftp://qosient.com/dev/argus-3.0
>>
>> Thanks!!!!
>> Carter
>
>
