Argus stops writing to file!
Carter Bullard
carter at qosient.com
Fri Nov 3 10:40:23 EST 2006
Hey Kjell,
Sorry for the delayed response. Argus should do a stat() on the filename to see if
the name is still there, and if not it should recreate the file and start writing into the
new file.
Are there any system messages in your system error log (/var/log/messages)?
If you ran ./configure with a '.devel' file present, then you should be able to
attach to it using gdb() and trace to see what it thinks it's doing. Look in the
routine ArgusWriteSocket() (you can set a break in this routine after you
attach to it) to see what filename it thinks it's using.
You can also use lsof() to see what file descriptors argus() is currently using.
It may be that argus chroot'd() somewhere and it changed your path?
Carter
On Oct 30, 2006, at 8:16 AM, Kjell Tore Fossbakk wrote:
> Hello!
>
> I have some difficulties understanding why my Argus (v.2.0.5),
> running on a Gentoo 64bit system, stops writing flows to its
> output file.
>
> I got a system which moves away the output file on a regular basis,
> and then puts the flows into a database. For the past year Argus
> has never failed to create a new file, as the old file is moved
> away, and continuing writing flows.
>
> Is there any debugging feature I could enable?
>
> Please advise!
>
> --
>
> Social Engineering Specialist
> - Because there's no patch for Human Stupidity
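
The check described in the reply above (stat() the output filename, recreate the file if the name is gone), as an added example that is not part of the original message and is not Argus source code. It goes one step further and also compares device and inode numbers, so a different file placed under the same name is detected too; `struct out_file`, `out_write`, `demo_rotation` and the `/tmp` path are hypothetical names chosen for the demo.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical writer state for this example; not an Argus structure. */
struct out_file { const char *path; int fd; int opens; };

/* 1 if `path` still names the file behind `fd`, 0 if it was moved or replaced. */
static int still_same_file(const struct out_file *o) {
    struct stat by_name, by_fd;
    if (o->fd < 0 || stat(o->path, &by_name) != 0 || fstat(o->fd, &by_fd) != 0)
        return 0;                       /* never opened, or the name is gone */
    return by_name.st_dev == by_fd.st_dev && by_name.st_ino == by_fd.st_ino;
}

/* Write one record, recreating the output file first if needed. 0 on success. */
int out_write(struct out_file *o, const void *buf, size_t len) {
    if (!still_same_file(o)) {
        if (o->fd >= 0) close(o->fd);   /* drop the descriptor of the moved file */
        o->fd = open(o->path, O_WRONLY | O_CREAT | O_APPEND, 0640);
        if (o->fd < 0) return -1;
        o->opens++;
    }
    return write(o->fd, buf, len) == (ssize_t)len ? 0 : -1;
}

/* Constructed demo: two records, move the file away, one more record.
   Returns the number of opens and reports the size of both files. */
int demo_rotation(long *old_size, long *new_size) {
    struct stat st; char path[64], moved[80];
    snprintf(path, sizeof path, "/tmp/flows_demo_%ld.out", (long)getpid());
    snprintf(moved, sizeof moved, "%s.1", path);
    struct out_file o = { path, -1, 0 };
    out_write(&o, "rec1\n", 5);
    out_write(&o, "rec2\n", 5);
    rename(path, moved);                /* what the rotation job does */
    out_write(&o, "rec3\n", 5);         /* must land in a fresh file */
    close(o.fd);
    *old_size = stat(moved, &st) == 0 ? (long)st.st_size : -1;
    *new_size = stat(path, &st) == 0 ? (long)st.st_size : -1;
    remove(path); remove(moved);
    return o.opens;
}

int main(void) {
    long a, b;
    int n = demo_rotation(&a, &b);
    printf("opens=%d moved=%ld bytes new=%ld bytes\n", n, a, b);
    return 0;
}
```

Without the check, the third record would follow the open descriptor into the moved file and the path the rotation job reads next would not exist.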