new code uploaded - argus cygwin support

Peter Van Epp vanepp at sfu.ca
Wed Sep 12 22:37:13 EDT 2007 

	We do seem to be getting closer. The last argus version seems to have
run fine for a long time (a few queue warnings) in a reasonable amount of 
memory across times when our link has been busier than it ever has before :-):

hcids:/usr/local/src/argus/argus-3.0.0 # !ps
ps auxwwww | grep argus
root      1084  9.4  9.8 390112 386616 ?       RL   Sep09 459:02 argus -J -P 560 -i eth0 -i eth1 -U 512 -m -F /scratch/argus.conf
root     12831  0.0  0.0   3132   832 pts/1    S+   19:27   0:00 grep argus
hcids:/usr/local/src/argus/argus-3.0.0 # kill -HUP 1084
hcids:/usr/local/src/argus/argus-3.0.0 # !ps
ps auxwwww | grep argus
root     12833  0.0  0.0   3132   832 pts/1    S+   19:27   0:00 grep argus
hcids:/usr/local/src/argus/argus-3.0.0 # cp bin/argus /usr/local/bin
hcids:/usr/local/src/argus/argus-3.0.0 # cd /scratch
hcids:/scratch # ls
argus.conf         argus.conf.pcap  debug.log  rotate.log  sequence
argus.conf.nopcap  current.html     malloc.pl  rotate.pl
hcids:/scratch # tail -100 debug.log
  ArgusWarning: argus[1084]: 09 Sep 07 10:23:09.278849 started
  ArgusWarning: argus[1084]: 09 Sep 07 10:23:09.279047 ArgusGetInterfaceStatus: interface eth1 is up
  ArgusWarning: argus[1084]: 09 Sep 07 10:23:09.279090 ArgusGetInterfaceStatus: interface eth0 is up
     ArgusInfo: argus[1084]: 09 Sep 07 10:24:06.709582 connect from test4.ucs.sfu.ca
     ArgusInfo: argus[1084]: 09 Sep 07 19:48:54.707686 connect from test4.ucs.sfu.ca
  ArgusWarning: argus[1084]: 10 Sep 07 16:38:26.341235 ArgusWriteOutSocket(0x11ad5ad0) max queue exceeded 100001
  ArgusWarning: argus[1084]: 10 Sep 07 16:38:26.341335 ArgusWriteOutSocket(0x11ad5ad0) max queue exceeded 100001
     ArgusInfo: argus[1084]: 11 Sep 07 11:56:48.109155 connect from test4.ucs.sfu.ca
  ArgusWarning: argus[1084]: 11 Sep 07 17:31:10.136323 ArgusWriteOutSocket(0x19b4b2b0) max queue exceeded 100001
  ArgusWarning: argus[1084]: 11 Sep 07 17:31:10.136415 ArgusWriteOutSocket(0x19b4b2b0) max queue exceeded 100001
     ArgusInfo: argus[1084]: 11 Sep 07 18:54:24.709942 connect from test4.ucs.sfu.ca
     ArgusInfo: argus[1084]: 12 Sep 07 07:37:52.110885 connect from test4.ucs.sfu.ca
argus: Time 291843.405156 Flows 159285888  Closed 159285888  Sends 244629742  BSends 31152
       Updates 4417488174 Cache 4258155634
       Total Memory 744490815 Free 744488802 MaxBytes 2147483644
Source: eth1
    Total Pkts 2289806745  Rate 7846.011609

Source: eth0
    Total Pkts 2126910041  Rate 7287.846850

	It shut down correctly on the HUP (the client side died a few times 
once because it ran out of disk space) again in 300K of memory for the one
listening to the argus (ones running ra get oinky fast, but I haven't seen
any of the seg faults I was seeing lately). 
	I just shut it down to install the latest code and we will see what
happens. I see Carter figured out the problem with RaTimeFormat is probably
that "ptr = "xyz";" likely doesn't use malloc (and thus isn't freeable) :-). 
I discovered that a while back when I looked my change over in the light of 
day but haven't had time to comment :-). I'll try the latest version on 
OpenBSD to make sure it is still happy but I expect it will be.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

More information about the argus mailing list