argus instability problem

Robin Gruyters r.gruyters at yirdis.nl
Tue Jul 17 02:45:23 EDT 2007 

Hi Carter,

The last (running) version that i'm using here, downloaded on the 26  
of June. Sinds then it's working fine. No problems at all.

Here is some info about my system.

# uname -a
FreeBSD nsm-01 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Apr 13 16:00:00  
CEST 2007     root at se-mt-01:/data/obj/data/src_6_2/sys/YIRDIS.NSM  i386

# ldd /usr/local/sbin/argus
/usr/local/sbin/argus:
         libpcap.so.4 => /lib/libpcap.so.4 (0x480b0000)
         libwrap.so.4 => /usr/lib/libwrap.so.4 (0x480d5000)
         libm.so.4 => /lib/libm.so.4 (0x480dc000)
         libc.so.6 => /lib/libc.so.6 (0x480f2000)

/lib/libpcap.so.4:
/usr/lib/libwrap.so.4:
          workarounds.c 1.6 96/03/19 16:22:25
/lib/libm.so.4:
/lib/libc.so.6:
         key_call.c      1.25    94/04/24 SMI

# cat /etc/argus.conf
ARGUS_MONITOR_ID="aaa.bbb.ccc.ddd"
ARGUS_ACCESS_PORT=5611
ARGUS_BIND_IP="127.0.0.1"
ARGUS_INTERFACE=ste6
ARGUS_COLLECTOR=yes
ARGUS_SETUSER_ID=sguil
ARGUS_SETGROUP_ID=sguil
ARGUS_SET_PID=yes
ARGUS_PID_PATH=/var/run/nsm
ARGUS_FLOW_STATUS_INTERVAL=60
ARGUS_GENERATE_MAC_DATA=yes
ARGUS_CAPTURE_DATA_LEN=128
ARGUS_DEBUG_LEVEL=0

[process list]
sguil     610  0.0  0.4 12956  7816  ??  Ss   26Jun07  28:05.14  
/usr/local/sbin/argus -d -F /etc/argus.conf

[bpfstat]
   610    ste6  p--s-  84126938    0  84126938  1298     0 argus


I use radium(8) to collect the data from the Argus daemon.

Anyway, hope you can find the problem and fix it. If you need more  
info, let me know.

Kind regards,

Robin Gruyters
Network and Security Engineer
Yirdis B.V.
I: http://yirdis.com
P: +31 (0)36 5300394
F: +31 (0)36 5489119


Quoting Carter Bullard <carter at qosient.com>:

> Gentle people,
> Peter and I (unfortunately mostly Peter in the last weeks) have been
> tracing down an instability problem that got into the code with the june 16th
> build.  It is a bit more complicated than just take a seg fault core and go
> fix the obvious problem, so , and I'm going to revert back to the version
> prior to this to try to fix it again.
>
> Has anyone experienced the level of instability that Peter is experiencing
> with the latest argus on the sever (or any version of argus-3.0.0?)?
>
> Carter


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: PGP Digital Signature
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20070717/b2ade809/attachment.sig>

More information about the argus mailing list