Argus crash after successful compile against PF_RING

Carter Bullard carter at qosient.com
Tue Dec 6 19:39:40 EST 2011 

Hey Chris,
Can you turn off packet size reporting in your argus.conf file, if its on?

#ARGUS_GENERATE_PACKET_SIZE=no 

If its not currently turned on, that would be more curious !!!
Carter

On Dec 6, 2011, at 7:29 PM, Chris Wakelin wrote:

> 64-bit Ubuntu 10.04 (but with kernel 2.6.38) and 8 cores (also running
> Suricata IDS on 6 of them). I'm now trying 3.0.5.6/3.0.5.25 as of 5
> minutes ago :)
> 
> Best Wishes,
> Chris
> 
> On 07/12/2011 00:26, Carter Bullard wrote:
>> Hey Chris,
>> Is this a 32-bit or 64-bit machine?
>> Carter
>> 
>> On Dec 6, 2011, at 6:18 PM, Chris Wakelin wrote:
>> 
>>> On 06/12/2011 22:20, Carter Bullard wrote:
>>>> Hey Chris,
>>>> Sorry to hear that you're having problems !!!!!
>>>> Lets try to fix this thing before the end of the year, if you have some time,
>>>> as I'd like 3.0.6 to be solid.
>>>> 
>>>> What version are you running, and do you get any log output?
>>> 
>>> Argus 3.0.5.5, Argus-clients 3.0.5.20 and PF_RING 5.1.0 at the moment. Log output is pretty much as Jesse said:
>>> 
>>>> Dec  6 15:49:25 vinms2 argus[20162]: 06 Dec 11 15:49:25.539044 started
>>>> Dec  6 15:49:25 vinms2 argus[20162]: 06 Dec 11 15:49:25.541036 started
>>>> Dec  6 15:49:25 vinms2 argus[20162]: 06 Dec 11 15:49:25.622050 ArgusGetInterfaceStatus: interface eth4 is up
>>>> Dec  6 15:58:06 vinms2 argus[20162]: 06 Dec 11 15:58:06.520232 ArgusInterface timestamps wayyy out of order: now 1323187086 then 999165474
>>>> Dec  6 15:58:11 vinms2 argus[20162]: 06 Dec 11 15:58:11.520141 ArgusGenerateRecord: packet size type not defined
>>>> Dec  6 15:58:56 vinms2 argus[20290]: 06 Dec 11 15:58:56.742608 started
>>>> Dec  6 15:58:56 vinms2 argus[20290]: 06 Dec 11 15:58:56.744638 started
>>>> Dec  6 15:58:56 vinms2 argus[20290]: 06 Dec 11 15:58:56.931989 ArgusGetInterfaceStatus: interface eth4 is up
>>>> Dec  6 16:52:06 vinms2 argus[20290]: 06 Dec 11 16:52:06.238769 ArgusInterface timestamps wayyy out of order: now 1323190326 then 1811344957
>>> 
>>> etc.
>>> 
>>> I'll try updating to the latest!
>>> 
>>> Best Wishes,
>>> Chris
>>> 
>>> -- 
>>> --+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
>>> Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
>>> IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 8439
>>> Whiteknights, Reading, RG6 2AF, UK              Fax: +44 (0)118 975 3094
>>> 
>> 
> 
> -- 
> --+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
> Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
> IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 8439
> Whiteknights, Reading, RG6 2AF, UK              Fax: +44 (0)118 975 3094
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4367 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20111206/f09518dc/attachment.bin>

More information about the argus mailing list