Argus memory issues
Carter Bullard
carter at qosient.com
Mon Aug 20 14:54:42 EDT 2007
Hey Peter,
Ok, I'm back. So if its timeout issues that may help, lets modify some
timeout values to see if we get better results. All the timeout
constants
are in the file ./argus/ArgusModeler.h. Why don't we lower the timeout
for the UDP traffic (its generally classified as IP traffic).
Set the ARGUS_IPTIMEOUT constant to 0. That should definitely have
a significant effect.
Lets do this with stock argus, but without .threads.
Hope all is most excellent, and thanks for doing so much testing.
Carter
On Aug 20, 2007, at 11:26 AM, Peter Van Epp wrote:
> Unfortunatly I probably just found out why my memory usage is staying
> down with ARGUS_FLOW_KEY="LAYER_3_MATRIX":
>
> 07-08-20 08:09:56 e ip 221.130.190.75 -
> > 142.58.26.171 1 0
> 60 0 UNK
> 07-08-20 08:09:56 e ip 221.130.190.75 -
> > 142.58.26.172 1 0
> 60 0 UNK
> 07-08-20 08:09:56 e ip 221.130.190.75 -
> > 142.58.25.41 1 0
> 60 0 UNK
> 07-08-20 08:09:56 e ip 221.130.190.75 -
> > 142.58.25.40 1 0
> 60 0 UNK
> 07-08-20 08:09:56 e ip 221.130.190.75 -
> > 142.58.26.178 1 0
> 60 0 UNK
> 07-08-20 08:09:56 e ip 221.130.190.75 -
> > 142.58.26.179 1 0
> 60 0 UNK
>
> I'm not actually generating any valid output ...
> (2.0.6 on the same link):
>
> 20 Aug 07 08:02:10 udp 142.58.111.1.53 <->
> 81.52.143.15.32768 1 1 242 85 CON
> 20 Aug 07 08:02:10 udp 206.12.16.133.2121 <->
> 64.151.112.20.2121 1 1 74 74 CON
> 20 Aug 07 08:02:10 udp 142.58.103.1.53 <->
> 80.58.0.99.47514 1 1 230 70 CON
> 20 Aug 07 08:02:10 udp 204.239.18.207.28190 <->
> 24.151.170.54.6970 1 1 60 60 CON
> 20 Aug 07 08:02:10 udp 199.60.7.184.6775 <->
> 62.12.139.250.56379 1 1 67 85 CON
> 20 Aug 07 08:02:10 udp 142.58.206.202.123 <->
> 74.92.142.230.123 1 1 90 90 CON
> 20 Aug 07 08:02:10 udp 142.58.103.1.41451 <->
> 24.25.4.103.53 1 1 110 218 CON
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
More information about the argus
mailing list