ArgusGenerateRecord: packet size type not defined
Carter Bullard
carter at qosient.com
Tue Feb 3 10:07:03 EST 2009
Hey Michael,
Wow, pretty obvious bug in the flow's packet size reporting feature.
Try this patch, and we'll see if it doesn't work for you.
Carter
==== //depot/argus/argus/argus/ArgusModeler.c#62 - /home/carter/argus/
argus/argus/ArgusModeler.c ====
2872c2872
< if (psize->src.psizemax > 0)
---
> if (psize->dst.psizemax > 0)
On Feb 2, 2009, at 1:39 PM, Michael Grinnell wrote:
> Hi,
>
> Periodically Argus dies on my test system with the error
> "ArgusGenerateRecord: packet size type not defined." The time
> between these errors varies, sometimes it's only a minute or two
> after argus starts, other times it can be > 15 minutes. I've tried
> running a simultaneous tcpdump, then running the resulting capture
> file through argus, but I can't replicate the error. I also don't
> see any glaring errors in the capture file around the time it dies.
> This happens with argus 3.0.0 and with argus 3.0.1 beta2. The
> system is running CentOS 5.2 and is listening on a dedicated
> interface (NC7782, bnx2 driver) to a span port off of a Cisco
> switch. I have also updated to the newest bnx2 drivers, but it
> still recurs. I'm trying to scare up another NIC to try as well.
>
> Thoughts?
>
> --
> Michael Grinnell
> Information Security Engineer
> The American University
>
More information about the argus
mailing list