new code uploaded - argus cygwin support
Carter Bullard
carter at qosient.com
Thu Sep 13 09:43:00 EDT 2007
WoW!! Finally a day with computational sunshine ;o)
This is with .threads for the clients?
I think I've fixed John's ratop segfault, but I need to check it
on other machines to be sure. I'm still having a locking issue
with ratop() when it reads from a file, with .threads, as one
thread gets done reading the file, but other threads are still
working the records, and they get out of sync, but I think this
is an easy one.
Radium needs a thorough testing, but so far the new (53+)
seems to be doing well on my systems (recovering associations
after they have been down for weeks, is working again)
Now I need to get the filtering for argus() in complete sync
with the clients (they sometimes lag as the code can't be
shared between the two distros). The aggregators need some
cleaning up, (occasionally I see very long lived TCP connections
without any user data), and rahisto() needs the new metrics
added to its list of things it can histofy.
If we stay relatively still, and very lucky, we may be able to make
some progress on release!!!!!!
Carter
On Sep 12, 2007, at 11:10 PM, Peter Van Epp wrote:
> Still looks good a little way in. OpenBSD is still happy, it doesn't
> complain about the free when HUPed so it seems to be happy with the
> string dup. Ra on the Mac reading a capture file (which used to balloon
> to over a gig of memory) stayed down at the 30 meg level:
>
>
> vanepp 7018 2.2 -0.1 30872 2080 p1 S 7:40PM 0:01.76 /usr/local/bin/ra3 -S 192.75.244.191:560 -n -D4 -w /var/log/argus/com_argus
> vanepp 7029 0.0 -0.0 27336 360 p2 R+ 7:42PM 0:00.00 grep ra3
> test4:~ vanepp$ ps auxwww | grep ra3
> vanepp 7025 100.0 -0.5 37136 11492 p1 R+ 7:41PM 0:25.47 ra3 -r com_argus -n
> vanepp 7018 1.1 -0.1 30872 2080 p1 S 7:40PM 0:01.89 /usr/local/bin/ra3 -S 192.75.244.191:560 -n -D4 -w /var/log/argus/com_argus
> vanepp 7031 0.0 -0.0 18052 288 p2 R+ 7:42PM 0:00.00 grep ra3
> test4:~ vanepp$ ps auxwww | grep ra3
> vanepp 7025 100.0 -0.6 38180 13056 p1 R+ 7:41PM 0:31.81 ra3 -r com_argus -n
> vanepp 7018 1.3 -0.1 30872 2080 p1 S 7:40PM 0:01.99 /usr/local/bin/ra3 -S 192.75.244.191:560 -n -D4 -w /var/log/argus/com_argus
> vanepp 7033 0.0 -0.0 27376 420 p2 S+ 7:42PM 0:00.00 grep ra3
> test4:~ vanepp$ ps auxwww | grep ra3
> vanepp 7025 100.0 -0.7 40268 15176 p1 R+ 7:41PM 0:40.68 ra3 -r com_argus -n
> vanepp 7018 1.1 -0.1 30872 2080 p1 S 7:40PM 0:02.13 /usr/local/bin/ra3 -S 192.75.244.191:560 -n -D4 -w /var/log/argus/com_argus
> vanepp 7035 0.0 -0.0 27336 356 p2 R+ 7:42PM 0:00.00 grep ra3
> test4:~ vanepp$ ps auxwww | grep ra3
> vanepp 7025 100.0 -0.8 41312 16908 p1 R+ 7:41PM 0:48.08 ra3 -r com_argus -n
> vanepp 7018 1.0 -0.1 30872 2080 p1 S 7:40PM 0:02.24 /usr/local/bin/ra3 -S 192.75.244.191:560 -n -D4 -w /var/log/argus/com_argus
> vanepp 7037 0.0 -0.0 27336 348 p2 R+ 7:42PM 0:00.00 grep ra3
> test4:~ vanepp$ ps auxwww | grep ra3
> vanepp 7018 2.0 -0.1 30872 2080 p1 S 7:40PM 0:02.36 /usr/local/bin/ra3 -S 192.75.244.191:560 -n -D4 -w /var/log/argus/com_argus
> vanepp 7039 0.0 -0.0 27336 340 p2 R+ 7:42PM 0:00.00 grep ra3
>
> argus on the sensor is low (but so is traffic right now the acid test
> will be tomorrow :-)):
>
> ps auxwwww | grep argus
> root 12857 12.5 0.9 40596 37092 ? SL 19:37 3:29 argus -J -P 560 -i eth0 -i eth1 -U 512 -m -F /scratch/argus.conf
>
> as is the ra listening to the argus:
>
> vanepp 7018 1.0 -0.1 30872 2140 p1- S 7:40PM 0:20.11 /usr/local/bin/ra3 -S 192.75.244.191:560 -n -D4 -w /var/log/argus/com_argus
> vanepp 7092 0.7 -0.0 27336 340 p1 R+ 8:06PM 0:00.00 grep ra3
>
> a quick look didn't see any missing or zero time stamps (although a
> more careful look with a script is probably in order). Looks good
> so far.
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>