Problems with RA and 64bit

Kjell Tore Fossbakk kjelltore at gmail.com
Tue Sep 26 09:26:21 EDT 2006


Hello!

I am running Gentoo 2006.1 with an x86_64 AMD Opteron processor, two in fact.
I have been able to compile and run Argus 2.0.5, with both the netflow
sniffer (argus) and the clients (ra).

However, I got a lot of backup flows (several gigs of data) which have been
recorded using Argus 2.0.6 (on a FreeBSD 32bit system). I didn't think the
versions would matter that much. I am having difficulties reading my backup
flows with ra 2.0.5.

FreeBSD 6.0 with argus 2.0.6 (which captured and stored flows)
Gentoo 2006.1 with argus 2.0.5 (which is trying to read them with RA)

To demonstrate, I got a 2.7M file with ~19000 flows (with ra-2.0.5)

server bin # /usr/bin/ra -cn -r argus_backupfile
26 Jun 06 21:54:20    man version=255.0probeid=0
STA

That's it... With ra-2.0.6 I did a 'ra <options..> | wc -l', and got ~19000.

What can I do to resolve this? Why doesn't RA recognize the flows? Is it
that the flows were created using FreeBSD, and I am trying to read them in
a Linux environment? Is it just because of some major differences between
2.0.5 and 2.0.6?

Also, the RA-2.0.5 does not recognize RA_FILER_SPECIFIC (or what it was
called) which I am using in RA-2.0.6. Other than that, the files are about
identical.

I wanted to install 2.0.6 on my machine. Installing Argus was not a problem,
however, installing the clients (
http://qosient.com/argus/src/argus-clients-2.0.6.tar.gz) did not work. I get
tons of errors.

So, what can I do?

Kjell Tore Fossbakk

-- 

Social Engineering Specialist
- Because there's no patch for Human Stupidity