Argus 3.0 dies in daemon mode

Michael Grinnell grinnell at american.edu
Wed Sep 3 16:40:47 EDT 2008 

Carter,

./bin/argus -F /etc/argus.conf -D8 & works fine.  I'll try the dev  
version this evening and let you know.

Thanks,
Michael


On Sep 3, 2008, at 4:30 PM, Carter Bullard wrote:

> Hey Michael,
> When argus goes into daemon mode, it closes stdout and stderr,
> and the debug output stops (no place for it to go), so if there is an
> error that causes argus to exit, but doesn't generate an ArgusLog
> message, you will not see the error message.
>
> Does this work at all?
>
>    ./bin/argus -F /etc/argus.conf -D8 &
>
> Try the argus-3.0.1 that is in the ftp://qosient.com/dev/argus-3.0
> directory to see if things are any better.
>
> Carter
>
>
> On Sep 3, 2008, at 3:45 PM, Michael Grinnell wrote:
>
>> Hi,
>>
>> I'm upgrading to Argus 3.0.  I have installed the version from  
>> April 18, 2008.  When I run it in foreground mode, it works fine,  
>> but when I try and start it as a daemon, it seems to die.  There is  
>> no seg fault and there are no messages in /var/log/messages.  OS is  
>> CentOS release 5.2 (Final) (Linux 2.6.18-92.1.10.el5 #1 SMP Tue Aug  
>> 5 07:41:53 EDT 2008 i686 i686 i386 GNU/Linux)
>>
>> /var/log/messages:
>> Sep  3 15:33:31 argus kernel: device eth1 entered promiscuous mode
>> Sep  3 15:33:31 argus kernel: device eth1 left promiscuous mode
>>
>> -D 8 gives the following output.
>> [root at argus argus-3.0.0]# ./bin/argus -F /etc/argus.conf -d -D 8
>> argus[21915]: 03 Sep 08 15:33:31.481669 ArgusCalloc (1, 704)  
>> returning 0xa003008
>> argus[21915]: 03 Sep 08 15:33:31.481794 ArgusCalloc (1, 40)  
>> returning 0xa003328
>> argus[21915]: 03 Sep 08 15:33:31.481811 ArgusNewList () returning  
>> 0xa003328
>> argus[21915]: 03 Sep 08 15:33:31.481829 ArgusCalloc (1, 20)  
>> returning 0xa003358
>> argus[21915]: 03 Sep 08 15:33:31.481849 ArgusCalloc (65536, 4)  
>> returning 0xb7ee2008
>> argus[21915]: 03 Sep 08 15:33:31.481865 ArgusNewHashTable (65536)  
>> returning 0xa003358
>> argus[21915]: 03 Sep 08 15:33:31.481882 ArgusCalloc (1, 104)  
>> returning 0xa003370
>> argus[21915]: 03 Sep 08 15:33:31.481897 ArgusCalloc (1, 64)  
>> returning 0xa0033e0
>> argus[21915]: 03 Sep 08 15:33:31.481911 ArgusNewQueue () returning  
>> 0xa0033e0
>> argus[21915]: 03 Sep 08 15:33:31.481926 ArgusCalloc (1, 64)  
>> returning 0xa003920
>> argus[21915]: 03 Sep 08 15:33:31.481940 ArgusNewQueue () returning  
>> 0xa003920
>> argus[21915]: 03 Sep 08 15:33:31.481956 ArgusCalloc (1, 112)  
>> returning 0xa003968
>> argus[21915]: 03 Sep 08 15:33:31.481971 ArgusNewModeler() returning  
>> 0xa003008
>> argus[21915]: 03 Sep 08 15:33:31.481993 ArgusCalloc (1, 330552)  
>> returning 0xb7e91008
>> argus[21915]: 03 Sep 08 15:33:31.482012 ArgusNewSource() returning  
>> 0xb7e91008
>> argus[21915]: 03 Sep 08 15:33:31.482032 ArgusCalloc (1, 128)  
>> returning 0xa0039e0
>> argus[21915]: 03 Sep 08 15:33:31.482048 ArgusCalloc (1, 64)  
>> returning 0xa003a68
>> argus[21915]: 03 Sep 08 15:33:31.482062 ArgusNewQueue () returning  
>> 0xa003a68
>> argus[21915]: 03 Sep 08 15:33:31.482075 ArgusNewOutput() returning  
>> retn 0xa0039e0
>> argus[21915]: 03 Sep 08 15:33:31.482099  
>> setArgusMarReportInterval(60) returning
>> argus[21915]: 03 Sep 08 15:33:31.485103 setArgusID(0xa003008,  
>> 0x930901ca) done
>> argus[21915]: 03 Sep 08 15:33:31.485168 setArgusID(0xa003008,  
>> 0x930901ca) done
>> argus[21915]: 03 Sep 08 15:33:31.485215 setArgusID(0xa003008,  
>> 0x930901ca) done
>> argus[21915]: 03 Sep 08 15:33:31.485266  
>> clearArgusDevice(0xb7e91008) returning
>> argus[21915]: 03 Sep 08 15:33:31.485315 ArgusCalloc (1, 40)  
>> returning 0xa004548
>> argus[21915]: 03 Sep 08 15:33:31.485361 ArgusNewList () returning  
>> 0xa004548
>> argus[21915]: 03 Sep 08 15:33:31.485403 ArgusCalloc (1, 8)  
>> returning 0xa003df0
>> argus[21915]: 03 Sep 08 15:33:31.485447 ArgusPushFrontList  
>> (0xa004548, 0xa003df0, 1) returning 0xbfec03d4
>> argus[21915]: 03 Sep 08 15:33:31.485488 setArgusDevice(eth1)  
>> returning
>> argus[21915]: 03 Sep 08 15:33:31.485718 ArgusDeleteList (0x0, 2)  
>> returning
>> argus[21915]: 03 Sep 08 15:33:31.485780 ArgusCalloc (1, 40)  
>> returning 0xa003d98
>> argus[21915]: 03 Sep 08 15:33:31.485827 ArgusNewList () returning  
>> 0xa003d98
>> argus[21915]: 03 Sep 08 15:33:31.485876 ArgusCalloc (1, 12)  
>> returning 0xa003dc8
>> argus[21915]: 03 Sep 08 15:33:31.485922 ArgusPushFrontList  
>> (0xa003d98, 0xa003dc8, 1) returning 0xbfec03d6
>> argus[21915]: 03 Sep 08 15:33:31.485976  
>> setArgusMarReportInterval(60) returning
>> argus[21915]: 03 Sep 08 15:33:31.486048 ArgusParseResourceFile (/ 
>> etc/argus.conf) returning
>> argus[21915]: 03 Sep 08 15:33:31.486114 setArgusInterfaceStatus(1)
>> [root at argus argus-3.0.0]#
>>
>> /etc/argus.conf
>> ARGUS_FLOW_TYPE="Bidirectional"
>> ARGUS_FLOW_KEY="CLASSIC_5_TUPLE"
>> ARGUS_MONITOR_ID=`hostname`
>> ARGUS_INTERFACE=eth1
>> ARGUS_SETUSER_ID=argus
>> ARGUS_SETGROUP_ID=argus
>> ARGUS_OUTPUT_FILE=/var/log/argus/argus.out
>> ARGUS_SET_PID=yes
>> ARGUS_PID_PATH="/var/run"
>> ARGUS_FLOW_STATUS_INTERVAL=5
>> ARGUS_MAR_STATUS_INTERVAL=60
>> ARGUS_GENERATE_RESPONSE_TIME_DATA=yes
>> ARGUS_GENERATE_PACKET_SIZE=yes
>> ARGUS_GENERATE_JITTER_DATA=yes
>> ARGUS_GENERATE_MAC_DATA=no
>> ARGUS_GENERATE_APPBYTE_METRIC=yes
>> ARGUS_GENERATE_TCP_PERF_METRIC=yes
>> ARGUS_GENERATE_BIDIRECTIONAL_TIMESTAMPS=yes
>>
>> Any thoughts?  Has any one seen this before?
>>
>> Thanks,
>>
>> Michael
>>
>>
>>
>>
>

More information about the argus mailing list