Argus dying off

Peter Van Epp vanepp at sfu.ca
Wed Dec 5 18:47:51 EST 2007 

On Thu, Dec 06, 2007 at 10:20:21AM +1300, Mark Borrie wrote:
> I am trying to upgrade to Argus version 3.0.0. We have sucessfully run 
> version 2 for years. It will run in daemon mode for up to a couple of 
> hours before dying off. At this stage I dont know what may be causing 
> the problem. The OS is RHEL 4.
> 
> At the moment I am trying to get debugging going to see what that turns 
> up. Does this need to be turned on at compile time? If so is there a 
> configure switch for this?
> 
> Any other hints at narrowing down our problem would be appreciated.
> 
> Thanks, Mark
> 
> 
> -- 
> Mark Borrie
> Information Security Manager,
> Information Technology Services, University of Otago,
> Dunedin, N.Z.
> Ph +64 3 479-8395, Fax +64 3 479-5080, Mobile +64 27 609-6409

	I'm assuming you have the latest code which looks to be 
argus-3.0.0.tar.gz Oct 19 14:03 and argus-clients-3.0.0.rc.63.tar.gz from
Nov  5 17:14 (which is I think where I last was as well). 
	To get debug information you need to touch ./devel and ./debug in the
source directory and then make clobber, ./configure and make. Before doing 
that you might want to look in syslog (/var/log/messages on SUSE) to see if 
the argus is syslogging why it died. When last I was running 3.0 (early 
November before my storage disk died) on clients.rc.62 probably, things had 
been stable on these versions for me. 
	Two things I did see on clients rc.63 is that Cisco netflow didn't seem
to be working (or I wasn't configuring it correctly) and removing the default
.threads file from the source directory didn't any more disable client threads
(which had been problematic for me in earlier rcs). I'm hoping to get some 
spare time to poke more some time soon but we will see ...
	Once the recompile is done then the -D flag on the clients will produce
debug logs (although they slow the client down a fair bit if you are on a fast
link that may cause difficulties) which can be redirected to a file to look at
after a failure.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

More information about the argus mailing list