new argus and argus-clients code available

Robin Gruyters r.gruyters at yirdis.nl
Fri Jun 16 03:09:51 EDT 2006


Quoting Carter Bullard <carter at qosient.com>:

> Hey Robin,
>    I can't replicate this bug on any machine, and it's a perplexing one
> because of the syslog error warning.  If you feel like doing some gdb
> debugging I can walk you through it.
>    Is anyone else seeing this type of error?
>
>    So what does the -a option do?
>
The -a shows you the counting per protocol. (tcp, udp, icmp, ip, etc)
If I can find the time today, I will try doing some debugging with gdb.

Regards,

Robin

> Carter
>
> On Jun 14, 2006, at 3:20 AM, Robin Gruyters wrote:
>
>> Hello,
>>
>> Tested the racount on a copy of last month's data, and this is what happens:
>>
>> [...]
>> # racount -ar /data2/argus/05/*/*
>> racount[55289]: syslog: unknown facility/priority: 302f7375
>> racount[55289]: 09:04:44.789405    
>> /data2/argus/05/01/argus.2006.05.01.00.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.01.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.02.00.01.bz2   
>> /data2/argus/05/01/argus.2006.05.01.03.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.04.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.05.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.06.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.07.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.08.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.09.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.10.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.11.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.12.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.13.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.14.00.01.bz2   
>> /data2/argus/05/01/argus.2006.05.01.15.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.16.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.17.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.18.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.19.00.00.bz2 /data2/argu
>> Segmentation fault (core dumped)
>> [...]
>>
>> The archived data is from argus-2.0.6.
>>
>> If I remove the "-a" option, it works fine. Also tested with "ra" tool:
>>
>> [...]
>> # ra -ar /data2/argus/05/*/*
>> ra[57228]: syslog: unknown facility/priority: 302f7375
>> ra[57228]: 09:10:36.838177    
>> /data2/argus/05/01/argus.2006.05.01.00.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.01.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.02.00.01.bz2   
>> /data2/argus/05/01/argus.2006.05.01.03.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.04.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.05.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.06.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.07.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.08.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.09.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.10.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.11.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.12.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.13.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.14.00.01.bz2   
>> /data2/argus/05/01/argus.2006.05.01.15.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.16.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.17.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.18.00.00.bz2   
>> /data2/argus/05/01/argus.2006.05.01.19.00.00.bz2 /data2/argus/05/
>> Segmentation fault (core dumped)
>> [...]
>>
>> Also the output from racount isn't correct! (does not match with the
>> current racount from 2.0.6)
>>
>> [old racount from 2.0.6]
>> # racount -r /data2/argus/archive/05/*/* - net 82.148.219.xxx/28
>> racount    records   total_pkts   src_pkts   dst_pkts   total_bytes   src_bytes    dst_bytes
>>    sum    1800024   85963657     35640845   50322812   59584466433   8453613521   51130852912
>> [end]
>>
>> [new racount from 3.0.0-rc.8]
>> # racount -r /data2/argus/05/*/* - net 82.148.219.xxx/28
>> racount   records   total_pkts   src_pkts   dst_pkts   total_bytes   src_bytes   dst_bytes
>>    sum   1800947   0            85965236   0          35641713      0           50323523
>> [end]
>>
>> The total_pkts, dst_pkts and src_bytes are 0 (=zero).
>>
>> Regards,
>>
>> Robin
>>
>> Quoting Carter Bullard <carter at qosient.com>:
>>
>>> Gentle people,
>>>  New code on the server.  It doesn't fix everything (radium problem
>>> not addressed) but porting issues should be addressed, and
>>> argus-2.0 backward compatibility is working again.  Please
>>> give this new code a rundown.
>>>
>>> ftp://qosient.com/dev/argus-3.0
>>>
>>> Thanks!!!!
>>> Carter
>>
>>


