Argus-info Digest, Vol 21, Issue 8
CS Lee
geek00l at gmail.com
Thu May 10 12:57:34 EDT 2007
Carter,
Argus server and client compiled fine on freebsd 6.x, and ratop seems to be
working properly too.
On 5/11/07, argus-info-request at lists.andrew.cmu.edu <
argus-info-request at lists.andrew.cmu.edu> wrote:
>
> Send Argus-info mailing list submissions to
> argus-info at lists.andrew.cmu.edu
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.andrew.cmu.edu/mailman/listinfo/argus-info
> or, via email, send a message with subject or body 'help' to
> argus-info-request at lists.andrew.cmu.edu
>
> You can reach the person managing the list at
> argus-info-owner at lists.andrew.cmu.edu
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Argus-info digest..."
>
>
> Today's Topics:
>
> 1. new code on the server (Carter Bullard)
> 2. Re: new code on the server (K K)
> 3. Re: new code on the server (Peter Van Epp)
> 4. Re: new code on the server (Peter Van Epp)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 9 May 2007 18:29:18 -0400
> From: Carter Bullard <carter at qosient.com>
> Subject: [ARGUS] new code on the server
> To: Argus <argus-info at lists.andrew.cmu.edu>
> Message-ID: <62D5052C-6DF4-4738-8738-91A4F78DF9AD at qosient.com>
> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
>
> Gentle people,
> New code on the server for testing. The only change to argus-3.0.0
> is an update for the client filter compiler, so that it will have the
> additions that we have made to the client compiler functions
> ("encaps [gre | ether | mpls | ...]" and "[src | dst] appbytes [gt |
> lt | eq] value" )
> and some man page additions to clarify the switches and command
> line options that are available, and basic argus.conf defaults. No
> change in functionality.
>
> Argus cygwin support does not look good, as there reports of
> a segmentation fault on some machines in the routine
> "init_display_handler()". This looks to be a stack problem,
> and so we probably will not have cygwin support for argus,
> in the release. The clients look fine for cygwin.
>
> For the clients, there are a number of modifications based on
> requests from the list, all of those requests were supported (filter
> for appbytes, netflow srcid mods when reading from multiple
> netflow sources at once, cygwin support).
>
> ratop() has been restructured to look more like 'vi', so that we can
> add more features in an intelligent way. I added regular expression
> searching through the ratop() buffer, standard vi navigation, and
> added the use of the ':' character to enter command mode. To add
> all of this, I had to invent the "/" mode, and ":" modes, so we could
> have enough single characters to do navigation and to also get
> stuff done. The next step of course is to add a manpage, and
> I still need to update the "help" screen, so I'm sorry for the lack
> of documentation.
>
> When you first run ratop, on either a file or a live stream, you are
> in navigation mode, just like vi. From here you can use the standard
> "h,j,k,l" characters, we support "b,w" to move forward and backward
> words, and "^,$" to go to the beginning and end of a line, and to go
> to a specific line, try ":linenum", just like vi.
>
> Where we had single character 'hotkeys' for editing the flow model
> or fields specific, these are now ":" commands. Type ":" and the single
> character, and then it will work as it did before. When strings come up
> that you can edit, ratop() now supports readline() functions and has a
> history for searching and many other nice features, so hopefully it is
> more useful. All of these functions are available even when ratop() is
> working with a data stream, so its a pretty cool set of new features.
>
> Thanks for all the support, and please keep those email/cards coming.
>
> ftp://qosient.com/dev/argus-3.0
>
> Carter
>
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 9 May 2007 20:04:03 -0500
> From: "K K" <kkadow at gmail.com>
> Subject: Re: [ARGUS] new code on the server
> To: Argus <argus-info at lists.andrew.cmu.edu>
> Message-ID:
> <dc718edc0705091804i6e0bb738q8bf4b0e07a7f6183 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> On 5/9/07, Carter Bullard <carter at qosient.com> wrote:
> > New code on the server for testing.
>
> Thanks for the update.
>
> RC.44 builds and runs on OpenBSD/i386 (except for 'ratop', see below)
>
> The netflow srcid mods work perfectly. Now I know the Network team
> has 44 different routers sending flows to my poor little overworked
> server.
>
> With the ability to filter on Netflow source router (srcid), my
> Internet usage summary matches up with the firewall's own accounting
> records, as racluster is no longer counting the same packets twice
> from two different routers.
>
> The changes to ratop sound great, so I thought I'd give it another
> look, as I haven't tried it since V2. Unfortunately, ratop
> consistently segfaults in ArgusGenerateLabel(). My bad for not trying
> it earlier (I rolled back the install and the same thing happens with
> rc.43).
>
> This may be an OpenBSD-specific bug, or possibly an off-by-one error
> which other operating systems let slip by (a "feature" of OpenBSD's
> malloc, added in release 3.8). I emailed gdb details to Carter.
>
> Kevin
>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 10 May 2007 08:41:07 -0700
> From: Peter Van Epp <vanepp at sfu.ca>
> Subject: Re: [ARGUS] new code on the server
> To: argus-info at lists.andrew.cmu.edu
> Message-ID: <20070510154107.GA18198 at sfu.ca>
> Content-Type: text/plain; charset=us-ascii
>
> Clients.rc.44 dies on Suse 10.2 on a missing termcap library (I
> expect
> called something else or perhaps I need to add something since there
> doesn't
> appear to be anything likely in /usr/lib either) in ratop:
>
> gcc -O3 -pthread -o ../bin/ratop ratop.o ../lib/argus_parse.a
> ../lib/argus_common.a ../lib/argus_client.a -lm -lncurses -lreadline
> -ltermcap
> /usr/bin/ld: cannot find -ltermcap
> collect2: ld returned 1 exit status
> make[1]: *** [../bin/ratop] Error 1
> make[1]: Leaving directory `/usr/local/src/argus/argus-clients-3.0.0.rc.44
> /ratop'
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
>
> ------------------------------
>
> Message: 4
> Date: Thu, 10 May 2007 08:45:53 -0700
> From: Peter Van Epp <vanepp at sfu.ca>
> Subject: Re: [ARGUS] new code on the server
> To: argus-info at lists.andrew.cmu.edu
> Message-ID: <20070510154553.GB18198 at sfu.ca>
> Content-Type: text/plain; charset=us-ascii
>
> Hmmm, Mac OS 10 is unhappy in a different way as well:
>
> gcc -O3 -I. -I../include -I../common -DPACKAGE_NAME=\"\"
> -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\"
> -DPACKAGE_BUGREPORT=\"\" -DHAVE_VFPRINTF=1 -DHAVE_STRCASECMP=1
> -DHAVE_STRLCAT=1 -DHAVE_STRLCPY=1 -DHAVE_STRDUP=1 -DHAVE_STRFTIME=1
> -DHAVE_SETLINEBUF=1 -DHAVE_SETENV=1 -DHAVE_ALARM=1 -DSTDC_HEADERS=1
> -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1
> -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1
> -DHAVE_UNISTD_H=1 -DHAVE_INTTYPES_H=1 -DARGUS_THREADS=1 -DHAVE_TCP_WRAPPER=1
> -DHAVE_SYS_SOCKIO_H=1 -DHAVE_STRING_H=1 -DHAVE_FCNTL_H=1 -DHAVE_SYS_FILE_H=1
> -DHAVE_SYSLOG_H=1 -DHAVE_ETHER_HOSTTON=1 -DHAVE_STRERROR=1 -DHAVE_STRTOF=1
> -DHAVE_SRANDOMDEV=1 -DARGUS_CURSES=1 -DHAVE_DARWIN=1 -DSTDC_HEADERS=1 -c
> ./ratop.c
> ./ratop.c: In function 'ArgusClientInit':
> ./ratop.c:184: error: 'rl_event_hook' undeclared (first use in this
> function)
> ./ratop.c:184: error: (Each undeclared identifier is reported only once
> ./ratop.c:184: error: for each function it appears in.)
> ./ratop.c: In function 'argus_redisplay_function':
> ./ratop.c:4693: error: 'rl_done' undeclared (first use in this function)
> ./ratop.c: In function 'argus_process_command':
> ./ratop.c:5947: error: 'rl_done' undeclared (first use in this function)
> make[1]: *** [ratop.o] Error 1
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
>
> ------------------------------
>
> _______________________________________________
> Argus-info mailing list
> Argus-info at lists.andrew.cmu.edu
> https://lists.andrew.cmu.edu/mailman/listinfo/argus-info
>
>
> End of Argus-info Digest, Vol 21, Issue 8
> *****************************************
>
--
Best Regards,
CS Lee<geekooL[at]gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20070511/fca8b5c0/attachment.html>
More information about the argus
mailing list