Argus crash after successful compile against PF_RING

Gamarro, Estuardo EGAMARRO at depaul.edu
Tue Dec 6 23:38:40 EST 2011


Running 3.0.5.6/3.0.5.25 here and observing issues with timestamps out of order as well.  Argus does not crash as easily, but rasplit generates a few flows with very odd dates.  I am testing with PF_RING-aware and regular Linux drivers, but it doesn't seem to make a difference.  In some cases Argus has stopped collecting flows without crashing.  Argus tends to generate more "timestamp wayyy out of order" logs on links with higher utilization (> 600Mbps).

CentOS 6  64-bit/ 2.6.32
PF_RING 5.2.1


E.J. Gamarro


-----Original Message-----
From: argus-info-bounces+egamarro=depaul.edu at lists.andrew.cmu.edu on behalf of Chris Wakelin
Sent: Tue 12/6/2011 6:29 PM
To: Carter Bullard
Cc: argus-info at lists.andrew.cmu.edu
Subject: Re: [ARGUS] Argus crash after successful compile against PF_RING
 
64-bit Ubuntu 10.04 (but with kernel 2.6.38) and 8 cores (also running
Suricata IDS on 6 of them). I'm now trying 3.0.5.6/3.0.5.25 as of 5
minutes ago :)

Best Wishes,
Chris

On 07/12/2011 00:26, Carter Bullard wrote:
> Hey Chris,
> Is this a 32-bit or 64-bit machine?
> Carter
> 
> On Dec 6, 2011, at 6:18 PM, Chris Wakelin wrote:
> 
>> On 06/12/2011 22:20, Carter Bullard wrote:
>>> Hey Chris,
>>> Sorry to hear that you're having problems !!!!!
>>> Let's try to fix this thing before the end of the year, if you have some time,
>>> as I'd like 3.0.6 to be solid.
>>>
>>> What version are you running, and do you get any log output?
>>
>> Argus 3.0.5.5, Argus-clients 3.0.5.20 and PF_RING 5.1.0 at the moment. Log output is pretty much as Jesse said:
>>
>>> Dec  6 15:49:25 vinms2 argus[20162]: 06 Dec 11 15:49:25.539044 started
>>> Dec  6 15:49:25 vinms2 argus[20162]: 06 Dec 11 15:49:25.541036 started
>>> Dec  6 15:49:25 vinms2 argus[20162]: 06 Dec 11 15:49:25.622050 ArgusGetInterfaceStatus: interface eth4 is up
>>> Dec  6 15:58:06 vinms2 argus[20162]: 06 Dec 11 15:58:06.520232 ArgusInterface timestamps wayyy out of order: now 1323187086 then 999165474
>>> Dec  6 15:58:11 vinms2 argus[20162]: 06 Dec 11 15:58:11.520141 ArgusGenerateRecord: packet size type not defined
>>> Dec  6 15:58:56 vinms2 argus[20290]: 06 Dec 11 15:58:56.742608 started
>>> Dec  6 15:58:56 vinms2 argus[20290]: 06 Dec 11 15:58:56.744638 started
>>> Dec  6 15:58:56 vinms2 argus[20290]: 06 Dec 11 15:58:56.931989 ArgusGetInterfaceStatus: interface eth4 is up
>>> Dec  6 16:52:06 vinms2 argus[20290]: 06 Dec 11 16:52:06.238769 ArgusInterface timestamps wayyy out of order: now 1323190326 then 1811344957
>>
>> etc.
>>
>> I'll try updating to the latest!
>>
>> Best Wishes,
>> Chris
>>
>> -- 
>> --+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
>> Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
>> IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 8439
>> Whiteknights, Reading, RG6 2AF, UK              Fax: +44 (0)118 975 3094
>>
> 

-- 
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK              Fax: +44 (0)118 975 3094
