ArgusGenerateRecord: packet size type not defined
Michael Grinnell
grinnell at american.edu
Wed Feb 4 13:47:00 EST 2009
Carter,
That seems to have fixed it. It's been running for 24 hours with no issues.
Thanks,
Michael Grinnell
Information Security Engineer
The American University
Carter Bullard wrote:
> Hey Michael,
> Wow, pretty obvious bug in the flow's packet size reporting feature.
> Try this patch, and we'll see if it doesn't work for you.
>
> Carter
>
> ==== //depot/argus/argus/argus/ArgusModeler.c#62 -
> /home/carter/argus/argus/argus/ArgusModeler.c ====
> 2872c2872
> < if (psize->src.psizemax > 0)
> ---
> > if (psize->dst.psizemax > 0)
>
>
> On Feb 2, 2009, at 1:39 PM, Michael Grinnell wrote:
>
>> Hi,
>>
>> Periodically Argus dies on my test system with the error
>> "ArgusGenerateRecord: packet size type not defined." The time between
>> these errors varies, sometimes it's only a minute or two after argus
>> starts, other times it can be > 15 minutes. I've tried running a
>> simultaneous tcpdump, then running the resulting capture file through
>> argus, but I can't replicate the error. I also don't see any glaring
>> errors in the capture file around the time it dies. This happens with
>> argus 3.0.0 and with argus 3.0.1 beta2. The system is running CentOS
>> 5.2 and is listening on a dedicated interface (NC7782, bnx2 driver) to
>> a span port off of a Cisco switch. I have also updated to the newest
>> bnx2 drivers, but it still recurs. I'm trying to scare up another NIC
>> to try as well.
>>
>> Thoughts?
>>
>> --
>> Michael Grinnell
>> Information Security Engineer
>> The American University
>>
>
>
>
>
>
More information about the argus
mailing list