new argus-clients-3.0.7.14 on the server

Carter Bullard carter at qosient.com
Tue Aug 20 18:43:01 EDT 2013


Hey Sebas,
The configuration file does not cause a fault against your
flow sample file on my machines.  What kind of machine
are you having problems on?

Carter



On Aug 20, 2013, at 6:31 PM, el draco <eldraco at gmail.com> wrote:

> Hi Carter and list.
> 
> I just tried the new argus racluster 3.0.7.14 with my large dataset
> and I got the segfault again.
> 
> racluster -f racluster.conf.segfault -r argus.file.test
> Segmentation fault
> 
> Sorry for not sending the argus.file.test to the list, I'm only
> sending it to Carter so he can debug the error.
> I'm not sending an anonymized version (with ranonymize) because the
> segfault does NOT occur if I ranonymize the dataset.
> 
> Again it seems to depend on the number of flows read along with the
> size of the filter and size of the label.
> 
> If you need more tests just tell me.
> 
> Thanks a lot!
> sebas
> 
> On Tue, Aug 20, 2013 at 9:54 PM, el draco <eldraco at gmail.com> wrote:
>> It worked perfectly! Thanks a lot for that.
>> It is nice to see my labels back again!
>> cheers
>> sebas
>> 
>> On Tue, Aug 20, 2013 at 9:50 PM, Carter Bullard <carter at qosient.com> wrote:
>>> Hey Sebas,
>>> Here is a patch for your segmentation fault bug, if
>>> you're comfortable making the changes yourself.
>>> 
>>> 
>>> thoth:common carter$ p4 diff argus_label.c
>>> ==== //depot/argus/clients/common/argus_label.c#51 - /Volumes/Users/carter/argus/clients/common/argus_label.c ====
>>> 1011a1012
>>>>            str = strbuf;
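
Review bot: the single added line str = strbuf; at 1012 arrives as a context-free normal diff, so nothing here shows which code path the assignment sits on or how strbuf is sized and bounded. Since the report in this thread says the fault depends on the size of the filter and of the label, please post this as a unified diff with surrounding lines, confirm that any write into strbuf is length-checked against its declared size, and add a short comment saying why str has to be reset at this point.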
>>> 
>>> If not, I've also included a new argus_label.c, so replace your ./common/argus_label.c with this one,
>>> and recompile.  All should work well.
>>> 
>>> I'll have a new client package up in a few days.
>>> 
>>> Carter
>>> 
>>> 
>>> 
>>> On Aug 20, 2013, at 3:21 PM, el draco <eldraco at gmail.com> wrote:
>>> 
>>>> Hi Carter. ralabel still has the segfault
>>>> 
>>>> RaLabeler Version 3.0.7.14
>>>> 
>>>> ./bin/ralabel -f ralabel.segfault.conf
>>>> Segmentation fault
>>>> 
>>>> Thanks for the great job you are doing!
>>>> Tell me if you need more tests.
>>>> sebas
>>>> 
>>>> 
>>>> On Tue, Aug 20, 2013 at 4:59 PM, Carter Bullard <carter at qosient.com> wrote:
>>>>> Gentle people,
>>>>> New client code up on the server.  This release fixes all
>>>>> known bugs that have been reported on the list, as well as
>>>>> having major modifications to rapath().
>>>>> 
>>>>> New code has been added as guards around the reported
>>>>> label problems, but I am not sure that it has fixed
>>>>> the problem.  If we could test that, that would be great !!!
>>>>> 
>>>>> We've made some big changes to rapath().  rapath() extracts
>>>>> topology information from argus data.  Basically it takes all
>>>>> data that has ICMP TXD messages mapped to it, and tabulates path
>>>>> information where it can.  This has the effect of capturing all
>>>>> traceroutes() that are observed by argus, regardless of the
>>>>> technique; UDP, TCP or ICMP based, whether it's vanilla or paris method,
>>>>> or several of the proprietary strategies seen in intrusions.
>>>>> 
>>>>> We've changed the default output of the graph that rapath.1
>>>>> generates (using the -A option) to include the srcid, saddr
>>>>> and daddr, so that you can build topology from just the
>>>>> graphs.  I'll add the stime and duration as well, but need
>>>>> to figure out some command line options to control all these
>>>>> new fields.  Also rapath() is going to get a realtime mode,
>>>>> currently, it's a "read a file, generate some output" type of
>>>>> tool.
>>>>> 
>>>>> Please grab this code and give it a run.  I'm hoping to
>>>>> release 3.0.7.x as 3.0.8 in the next month, so if there are
>>>>> any gotchas, don't hold back.
>>>>> 
>>>>> Carter
>>>>> 
>>>> <ralabel.segfault.conf><test-flowfilter.conf>
>>> 
>>> 
> <racluster.conf.segfault>
