Looks like a new bug in argus

Russell Fulton r.fulton at auckland.ac.nz
Sun Aug 19 04:51:27 EDT 2007


Sorry Timo, you get two copies of this.  I just realised I failed to CC
the list...

I have noticed odd behaviour too with argus crashing mysteriously - I am
also having trouble with snort and memory exhaustion would explain
both.  I've been flat out with other things and have been investigating
the problem sporadically.

Russell

Timo Sühl wrote:
> Hi Peter,
>
> I think the memory leak also affects me. It eats more and more memory
> and then begins to swap:
>
> cis:~# ps aux | grep argus
> root      4899  0.6 94.8 1434984 983168 ?      Dsl  Aug18   4:26
> /usr/local/sbin/argus -de cis -w /var/log/argus/argus.out
>
> As I'm not familiar with programming ... can you tell me how to disable
> the threads? Is it "-DARGUS_THREADS=X" in its Makefile?
>
> Timo
>
> Peter Van Epp wrote:
>>     Another data point: setting the debug level down (til where it becomes
>> active) in common/argus_util.c breaks the argus:
>>
>> *** common/argus_util.c.orig    2007-08-18 16:37:06.000000000 -0700
>> --- common/argus_util.c.new     2007-08-18 18:16:08.000000000 -0700
>> ***************
>>
>> (this one works OK)
>> *** 1221,1227 ****
>>   #endif
>>      }
>>   #ifdef ARGUSDEBUG
>> !    ArgusDebug (6, "ArgusMalloc (%d) returning 0x%x\n", bytes, retn);
>>   #endif
>>      return (retn);
>>   }
>> --- 1221,1227 ----
>>   #endif
>>      }
>>   #ifdef ARGUSDEBUG
>> !    ArgusDebug (1, "ArgusMalloc (%d) returning 0x%x\n", bytes, retn);
>>   #endif
>>      return (retn);
>>   }
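
Review bot: in the changed ArgusDebug line, retn is printed with 0x%x; if retn is the pointer this function returns, %x truncates it on 64-bit builds, and truncated addresses cannot be matched reliably against later frees. Suggest %p with a cast to void * here, independent of the level change from 6 to 1.
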
>>
>> (but doing this one with threads enabled hangs)
>>
>> ***************
>> *** 1285,1291 ****
>>      }
>>
>>   #ifdef ARGUSDEBUG
>> !    ArgusDebug (6, "ArgusCalloc (%d, %d) returning 0x%x\n", nitems,
>> bytes, retn);
>>   #endif
>>      return (retn);
>>   }
>> --- 1285,1291 ----
>>      }
>>
>>   #ifdef ARGUSDEBUG
>> !    ArgusDebug (1, "ArgusCalloc (%d, %d) returning 0x%x\n", nitems,
>> bytes, retn);
>>   #endif
>>      return (retn);
>>   }
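
Review bot: check whether ArgusDebug, once active at level 1, can itself reach ArgusCalloc or wait on a lock held by ArgusCalloc's caller, because the changed ArgusCalloc line is the one reported to hang with threads enabled and logging from inside the allocator would then re-enter it. Hard-coding the level in the call is also easy to leave in by accident; a dedicated allocation-trace level or macro would keep the change reversible.
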
>>
>>
>>     It only gets this far then stops. Disabling threads makes it go again,
>> so for now I have disabled threads. I'm hoping that looking at the debug output
>> will tell us what memory is being lost as we should see the allocs but no frees.
>> Peter Van Epp / Operations and Technical Support Simon Fraser
>> University, Burnaby, B.C. Canada
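
The approach mentioned at the end of the quoted message (looking for allocs with no matching frees in the debug output) can be automated. The following is an added example, not code from the thread or from argus: the alloc formats come from the ArgusDebug calls in the patch, while the `ArgusFree (0x...)` line format and the `argus[4899]:` prefix are assumptions, since the page shows no free-side debug line.

```python
import re
from collections import Counter

# Formats taken from the ArgusDebug calls quoted in the patch above.
ALLOC_RE = re.compile(
    r"Argus(Malloc|Calloc) \((\d+)(?:, (\d+))?\) returning 0x([0-9a-fA-F]+)")
# ASSUMPTION: hypothetical free-side format; the page does not show one.
FREE_RE = re.compile(r"ArgusFree \(0x([0-9a-fA-F]+)\)")

def find_unfreed(lines):
    """Return {address: (call, bytes)} for allocations with no later free."""
    live = {}
    for line in lines:
        m = ALLOC_RE.search(line)
        if m:
            call, a, b, addr = m.groups()
            size = int(a) * int(b) if b else int(a)  # calloc logs (nitems, bytes)
            # Addresses are reused after a free, so the newest allocation wins.
            live[int(addr, 16)] = ("Argus" + call, size)
            continue
        m = FREE_RE.search(line)
        if m:
            # A free of an address allocated before logging began is ignored.
            live.pop(int(m.group(1), 16), None)
    return live

def summarize(live):
    """Outstanding bytes grouped by (call, size), largest total first."""
    totals = Counter()
    for call, size in live.values():
        totals[(call, size)] += size
    return totals.most_common()

# Constructed sample debug output (not captured from a real argus run).
SAMPLE = """\
argus[4899]: ArgusMalloc (64) returning 0x80a1000
argus[4899]: ArgusCalloc (4, 128) returning 0x80a2000
argus[4899]: ArgusFree (0x80a1000)
argus[4899]: ArgusMalloc (64) returning 0x80a1000
argus[4899]: ArgusCalloc (4, 128) returning 0x80a3000
argus[4899]: ArgusFree (0x80a1000)
argus[4899]: ArgusFree (0xdeadbeef)
""".splitlines()

if __name__ == "__main__":
    for (call, size), total in summarize(find_unfreed(SAMPLE)):
        print(f"{call} size={size}: {total} bytes never freed")
```

Grouping by call and size points at the allocation site that grows without bound, which is usually more useful than a list of individual addresses.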
