racluster segv reading argus v2 file
Mike Iglesias
iglesias at uci.edu
Wed Mar 11 16:54:26 EDT 2009
Carter Bullard wrote:
> Hey Mike,
> I see that you're getting records from your 2.x stream that don't have
> a flow DSR in them (segfault in ArgusProcessServiceAvailability()).
>
> That is not really supposed to happen. Does ra() do ok with that file?
It looked like it was working ok, and then I got about 40 lines of output that
were completely blank except for the "<->" in the middle of the line. Then I
got one line that looked normal except the IPs looked like MAC addresses:
19:56:36.429496 v 156 58:73:49:b7:61:35.192 <-> 49:b7:61:35:0:4.153 22314297 5252598 CON
Then about 40 more lines of all blank except for the "<->", then normal output
again. Out of about 332k lines of output from ra, about 5200 of them were the
all blank lines, so this happened more than once.
--
Mike Iglesias
UCI Network Security Team Email: security at uci.edu
University of California, Irvine phone: 949-824-6926
Network & Academic Computing Services FAX: 949-824-2270