Two More Issues with Argus 3.0 on OpenBSD 4.2 (or: Carter is gonna kill me)

Carter Bullard carter at qosient.com
Fri Feb 15 16:48:21 EST 2008 

The radium 'reliable connections' feature is off on OpenBSD because
the threads aren't working.  I still have no idea what is going on  
with OpenBSD
threads.  Its as if it loses it stack, or something.  More work  
reqiured there.

Hmmm, on the monitor id, it must think that its suppose to be an IPv4
address.  Thats a bug, and I'll look into it tonight.

Carter




On Feb 15, 2008, at 3:42 PM, Eric Pancer wrote:

> As the title reads, I have two more issues with argus 3.0 on OpenBSD  
> 4.2.
>
> First: the MONITOR_ID doesn't appear to be returning information  
> configured
> in /etc/argus.conf..
>
> argus-server$ grep MONITOR /etc/argus.conf
> ARGUS_MONITOR_ID=999
>
> radium-server$ ra -n -s +2srcid -S argus-server
> 14:32:57.132966  e                 0.0.0.0    udp       
> 10.152.21.21.8564 <->      192.36.148.17.53            2         
> 257   CON
> 14:32:57.352741  e                 0.0.0.0    arp      10.192.22.99  
> who      10.192.22.45               1         60   INT
> 14:32:57.434276  e                 0.0.0.0    udp       
> 10.152.21.21.8564 <->      216.104.162.3.53            2         
> 185   CON
> 14:32:57.528309  e                 0.0.0.0    udp       
> 10.152.21.21.8564 <->       193.108.88.1.53            4         
> 336   CON
> 14:32:58.362419  e                 0.0.0.0    arp      10.192.22.99  
> who      10.192.22.46               1         60   INT
> 14:32:58.575697  e                 0.0.0.0    udp       
> 10.152.21.21.8564 <->      69.64.145.225.53            6        
> 1043   CON
> 14:32:58.679986  e                 0.0.0.0    arp       10.192.21.2  
> who      10.192.21.72               2        120   INT
> 14:32:58.710343  e                 0.0.0.0   icmp       218.87.115.7  
> ->      10.192.21.36               1         75   ECO
> 14:32:59.186757  e                 0.0.0.0    udp       
> 10.152.21.21.8564 <->      63.208.106.76.53            4         
> 672   CON
> 14:32:59.372582  e                 0.0.0.0    arp      10.192.22.99  
> who      10.192.22.47               1         60   INT
> 14:32:59.275661  e                 0.0.0.0    arp       10.192.21.2  
> who     10.192.21.171               2        120   INT
>
> Note the "0.0.0.0", which should be "999". It also acts the same  
> when you
> are connected to a radium server and expecting the value of
> RADIUM_MONITOR_ID to be different than "0.0.0.0".
>
> Second issue: radium() seems to lose connection with remote argus()  
> servers
> when the go offline (either the daemon is killed and restarted,  
> SIGHUP'ed,
> etc, as expected, but the sessions are never re-established until  
> radium is
> restarted. I'm not sure if radium is still being worked on.
>
> Are these known problems?
>
> Thanks,
>
> Eric
>
> p.s. I still haven't gotten my Solaris build working, but it looks  
> like
> bison is a problem on Solaris. What version of bison/Solaris are  
> some of you
> running argus on?
>
> -- 
> ``...don't you know, black is this years pink.''
>

More information about the argus mailing list