example of ArgusReadConnection error

Carter Bullard carter at qosient.com
Wed Oct 25 01:11:25 EDT 2006


Hey Mike,
The record that is giving the problems has a blank ARGUS_FLOW_DSR,
at least the data is blank, the size, and type of the TLV, are fine,  
but the
subtype field, which tells clients how to decode the flow structure, and
the qualifier are both zero.   Not good.  The time and metric DSRs  
are fine
but the ARGUS_NETWORK_DSR is short,  suggesting that it could be an
arp flow, but maybe not.

Well, anyway, its easy to bounce past your mangled record, because
the record's total length field is correct.  I've taken out the fatal  
error
message, and made it so that it will just bounce past these poorly
formed records.   I'll have to scour through argus() to see what
kind of record this may actually be.

I'll have new code up by Friday, if that's ok!!!!

Carter


On Oct 23, 2006, at 5:58 PM, MN wrote:

>
> Hi Carter - I can't mail this to the group because it contains private
> data.  You are welcome to forward the message, without the attachment
> to the list.
>
> The following file was constructed by running rasplit (several passes)
> on an original output file to get a small sample file.  It has the
> following problem:
>
> # ra -n -r argus_read_conn_err
> ArgusAlert: ra[6039]: ArgusReadConnection: not Argus-2.0 data stream.
>
>
> Hope this helps...
> - mike
> <argus_read_conn_err>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20061025/4fca81dc/attachment.html>


More information about the argus mailing list