Argus 3.0 dies in daemon mode

Michael Grinnell grinnell at american.edu
Wed Sep 3 15:45:59 EDT 2008 

Hi,

I'm upgrading to Argus 3.0.  I have installed the version from April  
18, 2008.  When I run it in foreground mode, it works fine, but when I  
try and start it as a daemon, it seems to die.  There is no seg fault  
and there are no messages in /var/log/messages.  OS is CentOS release  
5.2 (Final) (Linux 2.6.18-92.1.10.el5 #1 SMP Tue Aug 5 07:41:53 EDT  
2008 i686 i686 i386 GNU/Linux)

/var/log/messages:
Sep  3 15:33:31 argus kernel: device eth1 entered promiscuous mode
Sep  3 15:33:31 argus kernel: device eth1 left promiscuous mode

-D 8 gives the following output.
[root at argus argus-3.0.0]# ./bin/argus -F /etc/argus.conf -d -D 8
argus[21915]: 03 Sep 08 15:33:31.481669 ArgusCalloc (1, 704) returning  
0xa003008
argus[21915]: 03 Sep 08 15:33:31.481794 ArgusCalloc (1, 40) returning  
0xa003328
argus[21915]: 03 Sep 08 15:33:31.481811 ArgusNewList () returning  
0xa003328
argus[21915]: 03 Sep 08 15:33:31.481829 ArgusCalloc (1, 20) returning  
0xa003358
argus[21915]: 03 Sep 08 15:33:31.481849 ArgusCalloc (65536, 4)  
returning 0xb7ee2008
argus[21915]: 03 Sep 08 15:33:31.481865 ArgusNewHashTable (65536)  
returning 0xa003358
argus[21915]: 03 Sep 08 15:33:31.481882 ArgusCalloc (1, 104) returning  
0xa003370
argus[21915]: 03 Sep 08 15:33:31.481897 ArgusCalloc (1, 64) returning  
0xa0033e0
argus[21915]: 03 Sep 08 15:33:31.481911 ArgusNewQueue () returning  
0xa0033e0
argus[21915]: 03 Sep 08 15:33:31.481926 ArgusCalloc (1, 64) returning  
0xa003920
argus[21915]: 03 Sep 08 15:33:31.481940 ArgusNewQueue () returning  
0xa003920
argus[21915]: 03 Sep 08 15:33:31.481956 ArgusCalloc (1, 112) returning  
0xa003968
argus[21915]: 03 Sep 08 15:33:31.481971 ArgusNewModeler() returning  
0xa003008
argus[21915]: 03 Sep 08 15:33:31.481993 ArgusCalloc (1, 330552)  
returning 0xb7e91008
argus[21915]: 03 Sep 08 15:33:31.482012 ArgusNewSource() returning  
0xb7e91008
argus[21915]: 03 Sep 08 15:33:31.482032 ArgusCalloc (1, 128) returning  
0xa0039e0
argus[21915]: 03 Sep 08 15:33:31.482048 ArgusCalloc (1, 64) returning  
0xa003a68
argus[21915]: 03 Sep 08 15:33:31.482062 ArgusNewQueue () returning  
0xa003a68
argus[21915]: 03 Sep 08 15:33:31.482075 ArgusNewOutput() returning  
retn 0xa0039e0
argus[21915]: 03 Sep 08 15:33:31.482099 setArgusMarReportInterval(60)  
returning
argus[21915]: 03 Sep 08 15:33:31.485103 setArgusID(0xa003008,  
0x930901ca) done
argus[21915]: 03 Sep 08 15:33:31.485168 setArgusID(0xa003008,  
0x930901ca) done
argus[21915]: 03 Sep 08 15:33:31.485215 setArgusID(0xa003008,  
0x930901ca) done
argus[21915]: 03 Sep 08 15:33:31.485266 clearArgusDevice(0xb7e91008)  
returning
argus[21915]: 03 Sep 08 15:33:31.485315 ArgusCalloc (1, 40) returning  
0xa004548
argus[21915]: 03 Sep 08 15:33:31.485361 ArgusNewList () returning  
0xa004548
argus[21915]: 03 Sep 08 15:33:31.485403 ArgusCalloc (1, 8) returning  
0xa003df0
argus[21915]: 03 Sep 08 15:33:31.485447 ArgusPushFrontList (0xa004548,  
0xa003df0, 1) returning 0xbfec03d4
argus[21915]: 03 Sep 08 15:33:31.485488 setArgusDevice(eth1) returning
argus[21915]: 03 Sep 08 15:33:31.485718 ArgusDeleteList (0x0, 2)  
returning
argus[21915]: 03 Sep 08 15:33:31.485780 ArgusCalloc (1, 40) returning  
0xa003d98
argus[21915]: 03 Sep 08 15:33:31.485827 ArgusNewList () returning  
0xa003d98
argus[21915]: 03 Sep 08 15:33:31.485876 ArgusCalloc (1, 12) returning  
0xa003dc8
argus[21915]: 03 Sep 08 15:33:31.485922 ArgusPushFrontList (0xa003d98,  
0xa003dc8, 1) returning 0xbfec03d6
argus[21915]: 03 Sep 08 15:33:31.485976 setArgusMarReportInterval(60)  
returning
argus[21915]: 03 Sep 08 15:33:31.486048 ArgusParseResourceFile (/etc/ 
argus.conf) returning
argus[21915]: 03 Sep 08 15:33:31.486114 setArgusInterfaceStatus(1)
[root at argus argus-3.0.0]#

/etc/argus.conf
ARGUS_FLOW_TYPE="Bidirectional"
ARGUS_FLOW_KEY="CLASSIC_5_TUPLE"
ARGUS_MONITOR_ID=`hostname`
ARGUS_INTERFACE=eth1
ARGUS_SETUSER_ID=argus
ARGUS_SETGROUP_ID=argus
ARGUS_OUTPUT_FILE=/var/log/argus/argus.out
ARGUS_SET_PID=yes
ARGUS_PID_PATH="/var/run"
ARGUS_FLOW_STATUS_INTERVAL=5
ARGUS_MAR_STATUS_INTERVAL=60
ARGUS_GENERATE_RESPONSE_TIME_DATA=yes
ARGUS_GENERATE_PACKET_SIZE=yes
ARGUS_GENERATE_JITTER_DATA=yes
ARGUS_GENERATE_MAC_DATA=no
ARGUS_GENERATE_APPBYTE_METRIC=yes
ARGUS_GENERATE_TCP_PERF_METRIC=yes
ARGUS_GENERATE_BIDIRECTIONAL_TIMESTAMPS=yes

Any thoughts?  Has any one seen this before?

Thanks,

Michael

More information about the argus mailing list