Argus memory issues

Peter Van Epp vanepp at sfu.ca
Thu Aug 23 23:27:42 EDT 2007 

On Fri, Aug 24, 2007 at 01:21:41PM +1200, Russell Fulton wrote:
> This somehow got trapped in my outbox last night.
> 
> Hmmm... I got a seg fault on FC6 after about 5 minutes running.  It got
> up to 40MB memory before it died.   I'm not running a client on the box
> but there are two other instances of argus.
> 
> Anyone remember what the incantation for FC to turn on core dumps?
> 
> I'm off home now...
> 
> R

ulimit -c unlimited

on SUSE (and I expect RH is the same)
	I just loaded the latest argus with .threads, .memory .debug and .devel
all set and am about to try starting a client on the Mac :-).
	A couple of minutes in its still looking good. Don't see any records
without a time stamp on a scroll through the ra output:

test4:/var/log/argus vanepp$ ra3 -r com_argus -n
07-08-23 20:19:28  e          udp       142.58.103.1.41451    <->       192.26.92.30.53            2        1          168          193   CON
07-08-23 20:19:28  e          tcp     216.171.102.38.17990    <?>      206.12.16.134.3127          5        4          885          242
07-08-23 20:19:28  e          tcp       142.58.74.10.1767     <?>       80.148.16.20.40706         1        1           60           95
07-08-23 20:19:28  e          udp    212.100.234.175.32914    <->       142.58.103.2.53            1        1           77          230   CON
07-08-23 20:19:28  e          udp     68.150.175.185.6970     <->     204.239.18.207.31296         6        6          360          360   CON
07-08-23 20:19:28  e          udp     222.132.250.27.62709    <->       199.60.7.184.6775          1        1          165           78   CON
07-08-23 20:19:28  e          tcp      24.86.135.133.60023    <?>     142.58.101.251.443           7        6         1045         1101
07-08-23 20:19:28  e          tcp      189.175.56.87.3474     <?>      142.58.101.50.25            2        1          120           60
07-08-23 20:19:28  e          tcp     222.216.28.140.3713      ?>       209.87.56.48.3128          1        0           62            0
07-08-23 20:19:28  e          tcp       206.12.29.48.443       ?>      154.5.218.185.4267          3        0         1712            0
07-08-23 20:19:28  e          tcp      142.58.211.84.54620    <?>      72.14.253.147.80           11       10         1061        10034
07-08-23 20:19:28  e          tcp       199.60.7.184.6775     <?>     222.135.110.36.62204         2        1          207           82
07-08-23 20:19:28  e          udp       142.58.103.1.41451    <->    216.157.144.101.53            2        2          202          244   CON
07-08-23 20:19:28  e         icmp     209.17.188.218           ->      206.12.16.134              21        0         1470            0   TXD
...
07-08-23 20:19:44  e          tcp      75.153.80.142.3748     <?>     142.58.101.251.443          13       16         1729        15411
07-08-23 20:19:44  e          tcp      142.58.101.50.25       <?>     200.103.91.176.1621          2        2          153          120
07-08-23 20:19:44  e          udp       199.60.7.184.6775     <->        87.97.40.45.25879         1        1           74          422   CON

and memory is staying down (although traffic will be fairly low too I expect)

ps auxwwww | grep argus
root     23980  4.8  0.3  85900 14596 pts/1    SLl  20:12   0:17 argus -JR -P 560 -i eth0 -i eth1 -U 512 -m -F /scratch/argus.conf
vanepp   24019  0.0  0.0   3132   832 pts/1    S+   20:18   0:00 grep argus
vanepp at hcids:~> ps auxwwww | grep argus
root     23980  4.8  0.3  86112 14728 pts/1    SLl  20:12   0:32 argus -JR -P 560 -i eth0 -i eth1 -U 512 -m -F /scratch/argus.conf
vanepp   24021  0.0  0.0   3132   832 pts/1    S+   20:23   0:00 grep argus

	I guess we will see what happened in the morning :-).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

More information about the argus mailing list