Two More Issues with Argus 3.0 on OpenBSD 4.2 (or: Carter is gonna kill me)
Eric Pancer
epancer at pobox.com
Fri Feb 15 15:42:05 EST 2008
As the title reads, I have two more issues with argus 3.0 on OpenBSD 4.2.
First: the MONITOR_ID doesn't appear to be returning information configured
in /etc/argus.conf.
argus-server$ grep MONITOR /etc/argus.conf
ARGUS_MONITOR_ID=999
radium-server$ ra -n -s +2srcid -S argus-server
14:32:57.132966 e 0.0.0.0 udp 10.152.21.21.8564 <-> 192.36.148.17.53 2 257 CON
14:32:57.352741 e 0.0.0.0 arp 10.192.22.99 who 10.192.22.45 1 60 INT
14:32:57.434276 e 0.0.0.0 udp 10.152.21.21.8564 <-> 216.104.162.3.53 2 185 CON
14:32:57.528309 e 0.0.0.0 udp 10.152.21.21.8564 <-> 193.108.88.1.53 4 336 CON
14:32:58.362419 e 0.0.0.0 arp 10.192.22.99 who 10.192.22.46 1 60 INT
14:32:58.575697 e 0.0.0.0 udp 10.152.21.21.8564 <-> 69.64.145.225.53 6 1043 CON
14:32:58.679986 e 0.0.0.0 arp 10.192.21.2 who 10.192.21.72 2 120 INT
14:32:58.710343 e 0.0.0.0 icmp 218.87.115.7 -> 10.192.21.36 1 75 ECO
14:32:59.186757 e 0.0.0.0 udp 10.152.21.21.8564 <-> 63.208.106.76.53 4 672 CON
14:32:59.372582 e 0.0.0.0 arp 10.192.22.99 who 10.192.22.47 1 60 INT
14:32:59.275661 e 0.0.0.0 arp 10.192.21.2 who 10.192.21.171 2 120 INT
Note the "0.0.0.0", which should be "999". It also acts the same when you
are connected to a radium server and expecting the value of
RADIUM_MONITOR_ID to be different than "0.0.0.0".
Second issue: radium() seems to lose connection with remote argus() servers
when they go offline (either the daemon is killed and restarted, SIGHUP'ed,
etc.), as expected, but the sessions are never re-established until radium is
restarted. I'm not sure if radium is still being worked on.
Are these known problems?
Thanks,
Eric
p.s. I still haven't gotten my Solaris build working, but it looks like
bison is a problem on Solaris. What version of bison/Solaris are some of you
running argus on?
--
``...don't you know, black is this years pink.''