Argus memory issues

Carter Bullard carter at qosient.com
Mon Aug 20 13:02:19 EDT 2007 

Well, you shouldn't need 4G to run argus, so we'll have to fix that.  
I'm going
to devote some real time to working out your memory issues, but I 
suspect that
the threads model is ok, just doesn't do well in overloaded conditions.

Hmmm, well below is valid data, but may not be what you are expecting.  
Layer 3 matrix is
different from Classic 5 tuple, no protocol information, no ports, and 
the directions are
set up to maintain the bi-directional model.  I was more interested in 
the memory use than
the quality of the data, but, ...., this is valid data.  (the UNK 
probably should be an INT, but
that doesn't make the data invalid).

Carter


Peter Van Epp wrote:
> 	Unfortunatly I probably just found out why my memory usage is staying
> down with ARGUS_FLOW_KEY="LAYER_3_MATRIX":
>
> 07-08-20 08:09:56  e          ip      221.130.190.75           ->      142.58.26.171               1        0           60            0   UNK
> 07-08-20 08:09:56  e          ip      221.130.190.75           ->      142.58.26.172               1        0           60            0   UNK
> 07-08-20 08:09:56  e          ip      221.130.190.75           ->       142.58.25.41               1        0           60            0   UNK
> 07-08-20 08:09:56  e          ip      221.130.190.75           ->       142.58.25.40               1        0           60            0   UNK
> 07-08-20 08:09:56  e          ip      221.130.190.75           ->      142.58.26.178               1        0           60            0   UNK
> 07-08-20 08:09:56  e          ip      221.130.190.75           ->      142.58.26.179               1        0           60            0   UNK
>
> 	I'm not actually generating any valid output ...
> (2.0.6 on the same link):
>
> 20 Aug 07 08:02:10           udp    142.58.111.1.53    <->    81.52.143.15.32768 1        1         242          85          CON
> 20 Aug 07 08:02:10           udp   206.12.16.133.2121  <->   64.151.112.20.2121  1        1         74           74          CON
> 20 Aug 07 08:02:10           udp    142.58.103.1.53    <->      80.58.0.99.47514 1        1         230          70          CON
> 20 Aug 07 08:02:10           udp  204.239.18.207.28190 <->   24.151.170.54.6970  1        1         60           60          CON
> 20 Aug 07 08:02:10           udp    199.60.7.184.6775  <->   62.12.139.250.56379 1        1         67           85          CON
> 20 Aug 07 08:02:10           udp  142.58.206.202.123   <->   74.92.142.230.123   1        1         90           90          CON
> 20 Aug 07 08:02:10           udp    142.58.103.1.41451 <->     24.25.4.103.53    1        1         110          218         CON
>
> Peter Van Epp / Operations and Technical Support 
> Simon Fraser University, Burnaby, B.C. Canada
>
>

More information about the argus mailing list