argus instability problem

Carter Bullard carter at qosient.com
Tue Jul 17 10:41:19 EDT 2007 

Hey Robin,
Thanks!!!  I think that it is affecting mixed 64/32 bit sites, where  
either
argus or radium is running on a different architecture, at least I'm  
hoping
that is the basic problem, as that is explainable ;o)

Glad you're working well, but don't stop sending opinions/comments/ 
suggestions,
as I'm sure it could be better!!!

Carter


On Jul 17, 2007, at 2:45 AM, Robin Gruyters wrote:

> Hi Carter,
>
> The last (running) version that i'm using here, downloaded on the  
> 26 of June. Sinds then it's working fine. No problems at all.
>
> Here is some info about my system.
>
> # uname -a
> FreeBSD nsm-01 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Apr 13  
> 16:00:00 CEST 2007     root at se-mt-01:/data/obj/data/src_6_2/sys/ 
> YIRDIS.NSM  i386
>
> # ldd /usr/local/sbin/argus
> /usr/local/sbin/argus:
>         libpcap.so.4 => /lib/libpcap.so.4 (0x480b0000)
>         libwrap.so.4 => /usr/lib/libwrap.so.4 (0x480d5000)
>         libm.so.4 => /lib/libm.so.4 (0x480dc000)
>         libc.so.6 => /lib/libc.so.6 (0x480f2000)
>
> /lib/libpcap.so.4:
> /usr/lib/libwrap.so.4:
>          workarounds.c 1.6 96/03/19 16:22:25
> /lib/libm.so.4:
> /lib/libc.so.6:
>         key_call.c      1.25    94/04/24 SMI
>
> # cat /etc/argus.conf
> ARGUS_MONITOR_ID="aaa.bbb.ccc.ddd"
> ARGUS_ACCESS_PORT=5611
> ARGUS_BIND_IP="127.0.0.1"
> ARGUS_INTERFACE=ste6
> ARGUS_COLLECTOR=yes
> ARGUS_SETUSER_ID=sguil
> ARGUS_SETGROUP_ID=sguil
> ARGUS_SET_PID=yes
> ARGUS_PID_PATH=/var/run/nsm
> ARGUS_FLOW_STATUS_INTERVAL=60
> ARGUS_GENERATE_MAC_DATA=yes
> ARGUS_CAPTURE_DATA_LEN=128
> ARGUS_DEBUG_LEVEL=0
>
> [process list]
> sguil     610  0.0  0.4 12956  7816  ??  Ss   26Jun07  28:05.14 / 
> usr/local/sbin/argus -d -F /etc/argus.conf
>
> [bpfstat]
>   610    ste6  p--s-  84126938    0  84126938  1298     0 argus
>
>
> I use radium(8) to collect the data from the Argus daemon.
>
> Anyway, hope you can find the problem and fix it. If you need more  
> info, let me know.
>
> Kind regards,
>
> Robin Gruyters
> Network and Security Engineer
> Yirdis B.V.
> I: http://yirdis.com
> P: +31 (0)36 5300394
> F: +31 (0)36 5489119
>
>
> Quoting Carter Bullard <carter at qosient.com>:
>
>> Gentle people,
>> Peter and I (unfortunately mostly Peter in the last weeks) have been
>> tracing down an instability problem that got into the code with  
>> the june 16th
>> build.  It is a bit more complicated than just take a seg fault  
>> core and go
>> fix the obvious problem, so , and I'm going to revert back to the  
>> version
>> prior to this to try to fix it again.
>>
>> Has anyone experienced the level of instability that Peter is  
>> experiencing
>> with the latest argus on the sever (or any version of argus-3.0.0?)?
>>
>> Carter
>
>

More information about the argus mailing list