ArgusEstablishListen: bind() error

Carter Bullard carter at qosient.com
Mon Apr 26 14:26:16 EDT 2010 

Hey Mike,
When you run independent images of argus on multiple interfaces, you need each 
of them to have 
   1. unique ARGUS_MONITOR_IDs, 
   2. open different ARGUS_INTERFACEs,
   3. put listens down on different ARGUS_ACCESS_PORTs. 

(this will change in argus-3.0.4, where you can specify all of this on one line in the
conf, but we're a few months away on that).

You can do all of this on the command line, or you can use separate argus.conf
files for each image of argus.  I like using separate argus.conf files, as that
reminds me of the the 3 key variables to set.  Define your argus.conf files, and
run argus with the -F option so it will pick up the right one.

   argus -F /etc/argus.1.conf
   argus -F /etc/argus.2.conf
      etc......

where argus.1.conf specifies different values for the 3 variables above.  

Lets say your going to configure 6 argi.  Set the ARGUS_MONITOR_IDs to the
IP addresses assigned to each port (that is a useful strategy), ARGUS_INTERFACE
should be the interface of interest, and the ARGUS_ACCESS_PORTs need to be 6
different ports, lets use 12340-12345.

radium() will connect to all the ports you put listens down on using
the RADIUM_ARGUS_SERVER, variables.  In my /etc/radium.conf file,
I would have 

RADIUM_ARGUS_SERVER=argus://localhost:12340
RADIUM_ARGUS_SERVER=argus://localhost:12341
RADIUM_ARGUS_SERVER=argus://localhost:12342
RADIUM_ARGUS_SERVER=argus://localhost:12343
RADIUM_ARGUS_SERVER=argus://localhost:12344
RADIUM_ARGUS_SERVER=argus://localhost:12345


If this doesn't help, please do send more email!!!!

Carter


On Apr 26, 2010, at 2:05 PM, Mike Tancsa wrote:

> Hi,
>        I am new to Argus and am looking to setup a series of argus collectors and then a central host to receive netflow as well as Argus data where possible.  On the central server I was going to use radium.
> 
> I am just starting to test on one client and ran into a problem. The client machine has 6 interfaces I wish to monitor.  When I try and start up multiple copies of argus, I run into the error
> 
> ArgusEstablishListen: bind() error
> 
> even though I am trying to bind it to a different IP and different interface
> 
> Looking at what the initial program binds to, I see the following open (this is FreeBSD BTW)
> 
> # sockstat | grep arg
> root     argus      60912 5  tcp4   205.xxx.yyy.zzz:561    *:*
> root     argus      60912 6  dgram  -> /var/run/logpriv
> root     argus      60912 7  udp4   *:*                   *:*
> 
> I am guessing the listening on the UDP port is preventing the second copy from starting up ? How do I prevent that ?
> 
> Argus Version 3.0.2
>        ---Mike
> 
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20100426/6324aaec/attachment.bin>

More information about the argus mailing list