rabins > 3.0.3.16 stops working ...

Carter Bullard carter at qosient.com
Thu Oct 14 14:45:10 EDT 2010 

argus is multi-threaded now, and I would guess that one of the threads
has died, and the other threads aren't aware that it has gone away.
if you run rabins under gdb, you should get some notion of why its failing.

once I get some indication, I can try to see if its fixed in argus-clients-3.0.3.18
which is almost ready (lots and lots of changes).

can you share the file?  that will allow me to debug the problem very quickly.
all is deleted as soon as the debugging is complete, so no sharing of the data
is done in any way.   if this is possible, upload to:
   ftp://qosient.com/incoming

which is a blind depository.

Carter

On Oct 14, 2010, at 1:27 PM, Wolfgang Barth wrote:

> Hi Carter,
> 
> I have a large argus logfile (~ 200 MByte) containing data only from a
> single sensor. If I call something like
> 
>  /usr/local/src/argus/argus-clients-3.0.3.15/bin/rabins \
>     -M rmon time 1m -m smac -r /var/log/argus/argus-eligate2.log \
>     -w /tmp/argus-eligate2-load.30479.tmp - srcid eligate2
> 
> I get the following results with time:
> 
> 3.0.2:
> real    0m18.519s
> user    0m10.960s
> sys     0m0.500s
> 
> 3.0.3.12
> real    0m19.346s
> user    0m11.050s
> sys     0m0.500s
> 
> 3.0.3.14
> real    0m18.795s
> user    0m10.990s
> sys     0m0.470s
> 
> 3.0.3.15
> real    0m16.585s
> user    0m10.850s
> sys     0m0.410s
> 
> 3.0.3.16
> real    0m19.654s
> user    0m10.870s
> sys     0m0.580s
> 
> 3.0.3.17: abortet after half an hour, no results
> 3.0.3.18: abortet after half an hour, no results
> 
> If I connect the running process with strace -p, I get a lot of 
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2309, ...}) = 0
> and later no more result. rabins > 3.0.3.16 never stops.
> 
> I switched back to 3.0.3.16 and all works fine.
> 
> Wolfgang
> -- 
> <wob (at) swobspace de> * http://www.swobspace.de
> 

Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York  10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20101014/ad977f7d/attachment.bin>

More information about the argus mailing list