Endance DAG 8.1 and Argus problem

Leif Tishendorf ltishend at gmail.com
Mon Feb 14 16:45:24 EST 2011 

Carter,

Thank you for the help.  I added debugging and get the following:

argus -D 12 -F /etc/argus.conf
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.714377 ArgusCalloc (1, 
3136) returning 0x169b010
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.714541 
ArgusNewModeler() returning 0x169b010
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.714569 ArgusCalloc (1, 
4237208) returning 0x7fba99959010
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.714593 
ArgusNewSource(0x169b010) returning 0x7fba99959010
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.714612 ArgusCalloc (1, 
312) returning 0x169bd20
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.714626 ArgusCalloc (1, 
152) returning 0x169c5e0
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.714635 ArgusNewQueue () 
returning 0x169c5e0
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.714644 ArgusCalloc (1, 
152) returning 0x169c680
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.714652 ArgusNewList () 
returning 0x169c680
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.714661 ArgusCalloc (1, 
152) returning 0x169c720
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.714669 ArgusNewList () 
returning 0x169c720
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.714676 ArgusNewOutput() 
returning retn 0x169bd20
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.714689 
setArgusMarReportInterval(60) returning
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.716719 
setArgusID(0x7fba99959040, 0xac16057b) done
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.716750 
setArgusID(0x7fba99959040, 0xac16057b) done
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.716760 
setArgusID(0x7fba99959040, 0xac16057b) done
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.716775 
setArgusPortNum(561) returning
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.716790 ArgusCalloc (1, 
152) returning 0x169d7d0
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.716800 ArgusNewList () 
returning 0x169d7d0
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.716809 ArgusCalloc (1, 
16) returning 0x169cc80
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.716821 
ArgusPushBackList (0x169d7d0, 0x169cc80, 1) returning 1
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.716831 
ArgusParseResourceFile: ArgusBindAddr "(null)"
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.716848 
clearArgusDevice(0x7fba99959010) returning
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.716854 ArgusCalloc (1, 
152) returning 0x169d870
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:32.716859 ArgusNewList () 
returning 0x169d870
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:34.590195 ArgusCalloc (1, 
56) returning 0x169e050
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:34.590229 
ArgusPushFrontList (0x169d870, 0x169e050, 1) returning 0xc49
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:34.590250 
setArgusDevice(dag0:8) returning
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:34.590750 ArgusDeleteList 
((nil), 2) returning
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:34.590767 ArgusCalloc (1, 
152) returning 0x169f7c0
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:34.590777 ArgusNewList () 
returning 0x169f7c0
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:34.590785 ArgusCalloc (1, 
24) returning 0x169f860
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:34.590794 
ArgusPushFrontList (0x169f7c0, 0x169f860, 1) returning 0xc49
argus[3145.0087039bba7f0000]: 14 Feb 11 13:42:34.590818 
setArgusMarReportInterval(60) returning
argus[3145]: 14 Feb 11 13:42:34.592104 started

Then it just stops, no error and no matter how high I crank up the D 
value the result doesn't change.  FYI, I do have 3.0.2 working on this 
system.  Just wanted to check out the newer version.

Thanks,

-Leif

On 02/14/2011 12:31 PM, Carter Bullard wrote:
> Hey Leif,
> It could be a bug.  Argus has run on many versions of the dag, but I don't test
> each dev release against dag's as I don't have access any longer.
>
> The easiest test is to make sure tcpdump gets packets from that interface.  If
> so, then running argus with the "-D debugLevel" option will give us some detail
> printing on what is happening.
>
> Try with "-D 6" to start, and if that doesn't help, increase to get more info, and don't run
> in daemon mode.
>
> Be sure and put the "-D 6" as the first option, so you get debug printing for parsing the
> command line options, etc......
>
> To compile debug support into argus, in the argus distribution directory:
>     % touch .debug
>     % ./configure
>     % make clean
>     % make
>
> Carter
>
> On Feb 14, 2011, at 3:15 PM, Leif Tishendorf wrote:
>
>> Hello all,
>>
>> I'm running an Endance Dag 8.1 card and I'm having difficulty getting Argus to work with it.  I've compiled Argus 3.0.3.22 against the Dag enabled libpcap files and Argus will run if I set it to eth0, which is the management interface, but if I set it to a dag stream, e.g. ARGUS_INTERFACE=dag0:8, the daemon says it starts, and prints to syslog that it starts, but it doesn't actually start.
>>
>> I was wondering if anyone may have had a similar issue and be able to offer some pointers.
>>
>> Thanks,
>>
>> --Leif
>>
>

-- 
--Leif

More information about the argus mailing list