Perhaps still a problem?
Peter Van Epp
vanepp at sfu.ca
Thu Sep 20 16:44:12 EDT 2007
Nope, nothing around 03:30 just the normal noise:
Sep 20 01:45:46 hcids syslog-ng[3228]: STATS: dropped 0
Sep 20 02:45:47 hcids syslog-ng[3228]: STATS: dropped 0
Sep 20 03:45:47 hcids syslog-ng[3228]: STATS: dropped 0
Sep 20 04:09:05 hcids zmd: NetworkManagerModule (WARN): Failed to connect to NetworkManager
Sep 20 04:11:13 hcids zmd: Daemon (WARN): Not starting remote web server
Sep 20 04:45:47 hcids syslog-ng[3228]: STATS: dropped 0
Sep 20 05:09:05 hcids zmd: ShutdownManager (WARN): Preparing to sleep...
Sep 20 05:09:05 hcids zmd: ShutdownManager (WARN): Going to sleep, waking up at 09/21/2007 03:59:05
Sep 20 05:45:48 hcids syslog-ng[3228]: STATS: dropped 0
but the debug log has news:
ArgusWarning: argus[22408]: 18 Sep 07 12:33:40.090363 ArgusGetInterfaceStatus: interface eth0 is up
ArgusInfo: argus[22408]: 18 Sep 07 12:34:03.115329 connect from test4.ucs.sfu.ca
ArgusWarning: argus[22408]: 20 Sep 07 03:10:31.910926 ArgusWriteOutSocket(0x12be9a20) max queue exceeded 100001
ArgusWarning: argus[22408]: 20 Sep 07 03:10:31.911016 ArgusWriteOutSocket(0x12be9a20) max queue exceeded 100001
ArgusInfo: argus[22408]: 20 Sep 07 09:09:40.122759 connect from test4.ucs.sfu.ca
Looks like it was a queue exceeded that did the deed. I guess we should
add a syslog for this so we know when it happens without debug on.
Peter Van Epp / Operations and Technical Support
On Thu, Sep 20, 2007 at 12:25:02PM -0400, Carter Bullard wrote:
> Anything in argus's log? Seems like it may have just decided to
> stop sending?
>
> Carter
>
More information about the argus
mailing list