rc.12 on the server

[Carter Bullard]

Impossible to say, so lets try to figure it out.  Easiest to run argus
with a low debug number to see what it thinks is going on.
If you didn't compile in the debug support we'll need to:

    % touch .debug
    % ./configure;make clean;make

So, even if there aren't any packets on the interface, argus
should generate a management record every 60 seconds,
unless you've redefined it in the /etc/argus.conf file, if you
installed one.

Run argus with say, -D4 and see what it thinks is going on.

Carter

On Jun 26, 2006, at 2:45 PM, Richard Bejtlich wrote:

> On 6/26/06, Carter Bullard <carter at qosient.com> wrote:
>> Gentle people,
>>     argus-3.0.rc.12, both server and client, are on the server.
>
> Hi Carter,
>
> I just installed those on this box:
>
> # uname -a
> FreeBSD shuttle.taosecurity.com 6.1-RELEASE FreeBSD 6.1-RELEASE #0:
> Sun May  7 04:04:14 UTC 2006
> root at bloom.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
>
> I'm running Argus this way:
>
> argus -d -i bge0 -w /nsm/argus2.arg
>
> I should have records:
>
> # ls -al /nsm/argus2.arg
> -rw-r--r--  1 root  wheel  30816 Jun 26 14:44 /nsm/argus2.arg
>
> I cannot read them:
>
> # ra -r /nsm/argus2.arg
> ra[5127]: 14:44:54.334136 no input files
>
> # racount -r /nsm/argus2.arg
> racount[5131]: 14:45:08.788133 no input files
> racount   records     total_pkts     src_pkts       dst_pkts
> total_bytes        src_bytes          dst_bytes
>    sum   0           0              0              0              0
>               0                  0
>
> Is this operator error or a 64 bit issue?
>
> Thank you,
>
> Richard
>