radium core dump, 3.0.5.32

Carter Bullard carter at qosient.com
Fri Feb 17 14:39:33 EST 2012 

Hey Mark,
I'm looking into this.  One thing thats a bit incorrect.  You're putting radium on
port 561, but then you're collecting from localhost:561.  So are you collecting
from yourself, which is not good, or is radium and argus? using the same port?

The RADIUM_CISCONETFLOW_PORT is obsolete now.  you should configure
a RADIUM_ARGUS_SERVER to collect cisco records:

   RADIUM_ARGUS_SERVER=cisco://ciscohost:9699

The RADIUM_CISCONETFLOW_PORT does work, but it will be phased out for
the other method.

OK, to fix the bug, can you apply this change to your ./common/argus_util.c file?

==== //depot/argus/clients/common/argus_code.c#68 - /Volumes/Users/carter/argus/clients/common/argus_code.c ====
95c95
< //efine ARGUSFORKFILTER   1
---
> #define ARGUSFORKFILTER   1

Seems that somehow this crept into the code.
Carter


On Feb 17, 2012, at 2:18 PM, Mark E. Mallett wrote:

> Howdy,
> 
> (I'm new here)
> 
> I am getting a core dump in radium from argus-clients-3.0.5.32 on a
> 64bit Arch Linux system. The coredump happens in in 3-0.5.32 but not in
> 3-0.5.31. The two versions were built the same way.
> 
> The core dump happens when I use any ra* client (or at least any that
> I've tried) to connect to the radium server and also specify an input
> filter for a srcid.
> 
> It's easy to reproduce here with a simple radium.conf file like this:
> 
> RADIUM_MONITOR_ID=`hostname`
> RADIUM_CISCONETFLOW_PORT=9996
> RADIUM_ACCESS_PORT=561
> RADIUM_BIND_IP=myhostname
> RADIUM_ARGUS_SERVER=127.0.0.1:561
> 
> (substitute something real for "myhostname")
> 
> The ARGUS_SERVER being referenced is running with a srcid of 127.0.0.1
> I want to select records only from that source (btw, the
> RADIUM_ARGUS_SERVER line doesn't have to be present; i.e., the radium
> server doesn't have to be listening to that source, but it probably
> makes the usage example clearer).
> 
> radium is being started simply:
>   radium -w [somefilename]
> 
> If I run a ra* client and ask for records from the 127.0.0.1 source, e.g.:
>  ra -N 5 -S myhostname:561 - srcid 127.0.0.1
> no problem. Run it again:
>  ra -N 5 -S myhostname:561 - srcid 127.0.0.1
> then radium coredumps, and the ra* client reports "remote Filter error"
> 
> if I do the same with radium from 3-0.5.31 the ra* client runs fine
> every time.  I also rebuilt the 3-0.5.31 package to make sure the
> development environment hadn't changed.
> 
> I noticed it first with ratop, but tried it with various other ra* clients.
> 
> Sometimes the radium server gives a stack trace, sometimes it doesn't.
> The stack trace starts out with a double free error from glibc.
> 
> I'd be happy to give more info if needed, or take feedback if I'm
> doing something wrong :-)
> 
> Yours,
> -mm-

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4367 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20120217/a7a4f7b4/attachment.bin>

More information about the argus mailing list