example of ArgusReadConnection error
MN
mnewton at stanford.edu
Wed Oct 25 16:54:59 EDT 2006
Hi Carter - thanks. There's not a rush on it.
The records are rare - maybe one every couple of days on some
gigabit taps.
I'm still trying to isolate the other failure.
- mike
On Wed, Oct 25, 2006 at 01:11:25AM -0400, Carter Bullard wrote:
> Hey Mike,
> The record that is giving the problems has a blank ARGUS_FLOW_DSR,
> at least the data is blank, the size, and type of the TLV, are fine,
> but the
> subtype field, which tells clients how to decode the flow structure, and
> the qualifier are both zero. Not good. The time and metric DSRs
> are fine
> but the ARGUS_NETWORK_DSR is short, suggesting that it could be an
> arp flow, but maybe not.
>
> Well, anyway, its easy to bounce past your mangled record, because
> the record's total length field is correct. I've taken out the fatal
> error
> message, and made it so that it will just bounce past these poorly
> formed records. I'll have to scour through argus() to see what
> kind of record this may actually be.
>
> I'll have new code up by Friday, if that's ok!!!!
>
> Carter
>
>
> On Oct 23, 2006, at 5:58 PM, MN wrote:
>
> >
> >Hi Carter - I can't mail this to the group because it contains private
> >data. You are welcome to forward the message, without the attachment
> >to the list.
> >
> >The following file was constructed by running rasplit (several passes)
> >on an original output file to get a small sample file. It has the
> >following problem:
> >
> ># ra -n -r argus_read_conn_err
> >ArgusAlert: ra[6039]: ArgusReadConnection: not Argus-2.0 data stream.
> >
> >
> >Hope this helps...
> >- mike
> ><argus_read_conn_err>
>
>
More information about the argus
mailing list