new clients rc.65 on the server

Thu Dec 27 12:22:23 EST 2007

Hey Peter,
Ok, I have binding for specific addresses for netflow working now.
BUT, I had to make some changes to the syntax, so now everything
is a bit different.  I've made changes to the man pages so, hopefully
it won't be tooo painful.

The -C option is now similar to the -S option:

usage:ra
          -C <[host]:port>      specify Cisco Netflow source.
          -S <host[:port]>      specify remote argus and optional port  
number

This allows ra* programs to read from Cisco and Argus data sources
at the same time.  Before the -C flag declared all sources to be Cisco
data sources.

I'm not sure why the AF_ANY:port didn't pick up your netflow records,
but try this out and lets see if it works for you.  argus- 
clients-3.0.0.rc.66.tar.gz,
I should have it up in an hour or so.

Carter

On Dec 14, 2007, at 5:52 PM, Peter Van Epp wrote:

> 	Progress. With this perhaps wrong patch it at least compiles and  
> fails
> as rc.63 did (hopefully non threaded so gdb will work in an  
> understandable way):
>
> sniffer1:/usr/local/src/argus/argus-clients-3.0.0.rc.65 # ra3 -C -S  
> 192.75.244.195:1025 -n -D 2
> ra3[9134]: 07-12-14 14:49:14 main: reading files completed
> ra3[9134]: 07-12-14 14:49:14 Binding AF_ANY:1025 Expecting Netflow  
> records
> ra3[9134]: 07-12-14 14:49:14 ArgusGetServerSocket (0xf7f48008)  
> returning 3
> ra3[9134]: 07-12-14 14:49:14 ArgusParseInit(0xf7faf008 0xf7f48008
> ra3[9134]: 07-12-14 14:49:15 ArgusClientTimeout()
> ra3[9134]: 07-12-14 14:49:16 ArgusClientTimeout()
> ra3[9134]: 07-12-14 14:49:17 ArgusClientTimeout()
>
> the netstat -an indicates it is listening on default but without an  
> IP which
> may be the problem:
>
> udp        0      0 0.0.0.0:1025            0.0.0.0:*
>
> although I'd think it would pick up the packets anyway. I'll see if  
> gdb lets
> me look at what is getting set now or if threads are still on.
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
> *** common/argus_client.c.orig  2007-12-14 14:24:16.000000000 -0800
> --- common/argus_client.c       2007-12-14 14:41:57.000000000 -0800
> ***************
> *** 1851,1863 ****
>     int status, retn, done = 0;
>  #if defined(ARGUS_THREADS)
>     pthread_attr_t attr;
> - #endif
> -
>     if ((status = pthread_attr_init(&attr)) != 0)
>        ArgusLog (LOG_ERR, "pthreads init error");
>
>     while (!done && !ArgusParser->RaParseDone) {
>        if ((addr = (struct ArgusInput *) ArgusPopQueue(queue,  
> ARGUS_LOCK)) != NULL) {
>           if ((retn = pthread_create(&addr->tid, &attr,  
> ArgusConnectRemote, addr)) != 0) {
>              switch (retn) {
>                 case EAGAIN:
> --- 1851,1864 ----
>     int status, retn, done = 0;
>  #if defined(ARGUS_THREADS)
>     pthread_attr_t attr;
>     if ((status = pthread_attr_init(&attr)) != 0)
>        ArgusLog (LOG_ERR, "pthreads init error");
> + #endif
>
>     while (!done && !ArgusParser->RaParseDone) {
>        if ((addr = (struct ArgusInput *) ArgusPopQueue(queue,  
> ARGUS_LOCK)) != NULL) {
> +
> + #if defined(ARGUS_THREADS)
>           if ((retn = pthread_create(&addr->tid, &attr,  
> ArgusConnectRemote, addr)) != 0) {
>              switch (retn) {
>                 case EAGAIN:
> ***************
> *** 1868,1873 ****
> --- 1869,1875 ----
>                    break;
>              }
>           }
> + #endif
>        }
>
>        sleep(1);
>
>