rabins > 3.0.3.16 stops working ...
Wolfgang Barth
wob at swobspace.de
Thu Oct 14 13:27:29 EDT 2010
Hi Carter,
I have a large argus logfile (~ 200 MByte) containing data only from a
single sensor. If I call something like
/usr/local/src/argus/argus-clients-3.0.3.15/bin/rabins \
-M rmon time 1m -m smac -r /var/log/argus/argus-eligate2.log \
-w /tmp/argus-eligate2-load.30479.tmp - srcid eligate2
I get the following results with time:
3.0.2:
real 0m18.519s
user 0m10.960s
sys 0m0.500s
3.0.3.12
real 0m19.346s
user 0m11.050s
sys 0m0.500s
3.0.3.14
real 0m18.795s
user 0m10.990s
sys 0m0.470s
3.0.3.15
real 0m16.585s
user 0m10.850s
sys 0m0.410s
3.0.3.16
real 0m19.654s
user 0m10.870s
sys 0m0.580s
3.0.3.17: abortet after half an hour, no results
3.0.3.18: abortet after half an hour, no results
If I connect the running process with strace -p, I get a lot of
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2309, ...}) = 0
and later no more result. rabins > 3.0.3.16 never stops.
I switched back to 3.0.3.16 and all works fine.
Wolfgang
--
<wob (at) swobspace de> * http://www.swobspace.de
More information about the argus
mailing list