Argus daemon (3.0.0, 3.0.1b2) dies after time on OpenBSD 4.x

Darren Spruell phatbuckett at gmail.com
Mon Dec 8 20:07:59 EST 2008


Hi,

I have an Argus installation on an OpenBSD 4.4 sensor for which I've
noted the daemon running for a while (several days at a time) and then
dying. Typical uptimes seem to vary between 6 and 10 days. No core
files are found, and I don't seem to have anything in syslog
indicating an error.

I've had the same experience on both argus-3.0.0 and
argus-3.0.1.beta.2. Started as:

/usr/local/sbin/argus -F /etc/argus/argus.conf

Config file:

ARGUS_FLOW_TYPE="Bidirectional"
ARGUS_FLOW_KEY="CLASSIC_5_TUPLE"
ARGUS_DAEMON=yes
ARGUS_MONITOR_ID=quagmire
ARGUS_ACCESS_PORT=561
ARGUS_BIND_IP="x.y.241.103"
ARGUS_INTERFACE=em1
ARGUS_SETUSER_ID=argus
ARGUS_SETGROUP_ID=argus
ARGUS_OUTPUT_FILE=/var/log/argus/argus-quagmire.out
ARGUS_SET_PID=yes
ARGUS_PID_PATH="/var/run/argus"
ARGUS_FLOW_STATUS_INTERVAL=5
ARGUS_MAR_STATUS_INTERVAL=60
ARGUS_DEBUG_LEVEL=0
ARGUS_GENERATE_RESPONSE_TIME_DATA=no
ARGUS_GENERATE_PACKET_SIZE=no
ARGUS_GENERATE_JITTER_DATA=no
ARGUS_GENERATE_MAC_DATA=no
ARGUS_GENERATE_APPBYTE_METRIC=no
ARGUS_FILTER="ip and not dst host 224.0.0.2"

Running daemon:

argus    28139  0.0  0.1  1636  2208 ??  Ss    Sun12AM    0:56.27 argus -F /etc/argus/argus.conf

Output files:

-rw-r--r--  1 argus  argus  62199296 Dec  8 17:29 /var/log/argus/argus-quagmire.out
-rw-r--r--  1 argus  argus  6 Dec  7 00:36 /var/run/argus/argus.em1.0.pid

OS: OpenBSD 4.4-stable (GENERIC) i386
em1: Intel PRO/1000MT (82546EB)

Anything apparent going on? If not, how should I run the daemon to
output useful debugging data?

-- 
Darren Spruell
phatbuckett at gmail.com


