new argus-clients-3.0.7.14 on the server

Carter Bullard carter at qosient.com
Wed Aug 21 14:38:03 EDT 2013


When you are debugging rasqlinsert(), there are a
number of threads, and so after printing " where ",
you can also do a " info threads ", and then for
each thread, type " thread x " where x is the thread
number, and do a where once in each thread.

   (gdb) info threads
   (gdb) thread 1
   (gdb) where
   (gdb) thread 2
   (where)

etc …  That can be very useful.
Still working on it.

Carter



On Aug 21, 2013, at 2:17 PM, "David Edelman" <dedelman at iname.com> wrote:

> It is getting better - that's purely subjective It still faults but I was
> able to run through a directory tree with -R for quite a while before the
> fault. I still had the same problem that I always had where only the first
> table is populated the rest are created but empty. I've been doing nested
> bash for loops to deal with that for quite some time.
> 
> I ran against a single flow record file under gdb and this is the result. 
> 
> --Dave
> 
> 
> 
> (gdb) run -M time 1d -r argus.2013.04.06.00.00.01.0.gz  -M rmon -w
> mysql://argus:argus@localhost/argus/TTmacAddrs_%Y_%m_%d -m srcid saddr smac
> -s stime ltime srcid saddr smac  - ip
> Starting program: /usr/local/bin/rasqlinsert -M time 1d -r
> argus.2013.04.06.00.00.01.0.gz  -M rmon -w
> mysql://argus:argus@localhost/argus/TTmacAddrs_%Y_%m_%d -m srcid saddr smac
> -s stime ltime srcid saddr smac  - ip
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> Detaching after fork from child process 31440.
> [New Thread 0x7ffff5a70700 (LWP 31441)]
> [Thread 0x7ffff5a70700 (LWP 31441) exited]
> [New Thread 0x7ffff5a70700 (LWP 31442)]
> [New Thread 0x7ffff4861700 (LWP 31443)]
> [New Thread 0x7fffeffff700 (LWP 31444)]
> Detaching after fork from child process 31445.
> [Thread 0x7fffeffff700 (LWP 31444) exited]
> 
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7ffff4861700 (LWP 31443)]
> 0x00007ffff7570dcb in pthread_join () from /lib64/libpthread.so.0
> Missing separate debuginfos, use: debuginfo-install
> flow-tools-0.68.5.1-6.fc18.x86_64 glibc-2.16-33.fc18.x86_64
> libgcc-4.7.2-8.fc18.x86_64 libstdc++-4.7.2-8.fc18.x86_64
> ncurses-libs-5.9-11.20130511.fc18.x86_64 openssl-libs-1.0.1e-4.fc18.x86_64
> pcre-8.31-5.fc18.x86_64 readline-6.2-5.fc18.x86_64
> tcp_wrappers-libs-7.6-70.fc18.x86_64 zlib-1.2.7-9.fc18.x86_64
> (gdb) where
> #0  0x00007ffff7570dcb in pthread_join () from /lib64/libpthread.so.0
> #1  0x0000000000414ff3 in ArgusCursesProcessClose () at ./rasqlinsert.c:3313
> #2  0x000000000040cf9f in ArgusCursesProcess (arg=0x0) at
> ./rasqlinsert.c:450
> #3  0x00007ffff756fd15 in start_thread () from /lib64/libpthread.so.0
> #4  0x0000003c88ef253d in clone () from /lib64/libc.so.6
> (gdb) list
> 230	int ArgusColorAddresses(struct ArgusParserStruct *, struct
> ArgusRecordStruct *, struct ArgusAttributeStruct *, short, attr_t);
> 231	int ArgusColorFlowFields(struct ArgusParserStruct *, struct
> ArgusRecordStruct *, struct ArgusAttributeStruct *, short, attr_t);
> 232	int ArgusColorGeoLocation(struct ArgusParserStruct *, struct
> ArgusRecordStruct *, struct ArgusAttributeStruct *, short, attr_t);
> 233	void ArgusInitializeColorMap(struct ArgusParserStruct *, WINDOW *);
> 234	#endif
> 235	
> 236	int
> 237	main(int argc, char **argv)
> 238	{
> 239	   struct ArgusParserStruct *parser = NULL;
> (gdb) up
> #1  0x0000000000414ff3 in ArgusCursesProcessClose () at ./rasqlinsert.c:3313
> 3313	   pthread_join(RaCursesInputThread, NULL);
> (gdb) up
> #2  0x000000000040cf9f in ArgusCursesProcess (arg=0x0) at
> ./rasqlinsert.c:450
> 450	   ArgusCursesProcessClose();
> (gdb) up
> #3  0x00007ffff756fd15 in start_thread () from /lib64/libpthread.so.0
> (gdb) up
> #4  0x0000003c88ef253d in clone () from /lib64/libc.so.6
> (gdb) up
> Initial frame selected; you cannot go up.
> (gdb) 
> 
> 
> dmesg shows:
> 
> [150781.353120] rasqlinsert[26482]: segfault at 2d0 ip 00007ff53b7e6dcb sp
> 00007ff533ffdda0 error 4 in libpthread-2.16.so[7ff53b7de000+16000]
> [150980.758765] rasqlinsert[31192]: segfault at 2d0 ip 00007fa5bfab3dcb sp
> 00007fa5b7ffdda0 error 4 in libpthread-2.16.so[7fa5bfaab000+16000]
> [151147.481928] rasqlinsert[31303]: segfault at 2d0 ip 00007f95d0346dcb sp
> 00007f95ccd67da0 error 4 in libpthread-2.16.so[7f95d033e000+16000]
> [151244.434895] rasqlinsert[31402]: segfault at 2d0 ip 00007f071442fdcb sp
> 00007f071171eda0 error 4 in libpthread-2.16.so[7f0714427000+16000]
> 
> 
> 
> -----Original Message-----
> From: Carter Bullard [mailto:carter at qosient.com] 
> Sent: Wednesday, August 21, 2013 11:31 AM
> To: David Edelman
> Cc: 'Argus'
> Subject: Re: [ARGUS] new argus-clients-3.0.7.14 on the server
> 
> I think I've found a knob to turn that might help.  Can you try this change?
> This
> controls how aggressively we will push modifications out to the database. 
> 
> ==== //depot/argus/clients/examples/ramysql/raclient.c#8 -
> /Users/carter/argus/clients/examples/ramysql/raclient.c ====
> 810c810
> <             RaCursesUpdateInterval.tv_sec  = 0;
> ---
>>            RaCursesUpdateInterval.tv_sec  = 1;
> 
> You may still get a problem, but it should be better.  I'll keep looking
> into
> a better fix that this, but any improvement means where in the right
> direction.
> 
> Carter
> 
> On Aug 21, 2013, at 10:26 AM, "David Edelman" <dedelman at iname.com> wrote:
> 
>> Carter,
>> 
>> That's great news and it makes sense. The instances that are processing
>> stream data don't have enough traffic to create huge updates, and the
>> instances that are cruising through files surely do. I have 128GB of
>> physical memory and I've tuned MySQL to use as much as possible. I can
>> detune it and see if that makes a difference.
>> 
>> --Dave
>> 
>> -----Original Message-----
>> From: Carter Bullard [mailto:carter at qosient.com] 
>> Sent: Wednesday, August 21, 2013 8:10 AM
>> To: David Edelman
>> Cc: 'Argus'
>> Subject: Re: [ARGUS] new argus-clients-3.0.7.14 on the server
>> 
>> Hey David,
>> I'm also getting the same error here, with your example.  Not sure where
>> this crept in, as I use rasqlinsert() on many systems and I haven't seen
>> this,
>> although I have started to see rasqlinsert()s that eat a lot of CPU.
>> 
>> This is a mysqld problem, where it coughs blood processing packets that
>> are too large, or where multiple threads are making concurrent
>> sql calls on the same socket.  
>> 
>>  http://dev.mysql.com/doc/refman/5.0/en/gone-away.html
>> 
>> We do try to send the largest query possible by packing as many INSERTS,
>> or UPDATES, into the mysql ' max_allowed_packet ', and we have multiple
>> threads talking to mysqld.  I just now tried to cut the max_allowed_packet
>> buffer in 1/2, with no effect, so ..... I've got some work to do here and
>> will
>> try to have something today.
>> 
>> Thanks for the feedback !!!!
>> 
>> Carter
>> 
>> On Aug 20, 2013, at 7:43 PM, David Edelman <dedelman at iname.com> wrote:
>> 
>>> I had a theory that the problem happened when there were no more records
>>> available to be read. To test this I moved up one level in the data
> source
>>> directory tree and used -R * figuring that I should see good tables for
>> the
>>> dates prior to the most recent. The theory may be good but the test may
>> have
>>> been useful for a different reason. Newest client build with .devel and
>>> .debug run without a -D switch. I get this almost immediately (but this
> is
>> a
>>> big machine with lots of memory so speed is a hard thing to judge.)
>>> 
>>> 
>>> rasqlinsert -M time 1d -R *  -M rmon -w
>>> mysql://argus:argus@localhost/argus/SSmacAddrs_%Y_%m_%d -m srcid saddr
>> smac
>>> -s stime ltime srcid saddr smac - ip
>>> *** glibc detected *** rasqlinsert: double free or corruption (!prev):
>>> 0x00000000020e4830 ***
>>> rasqlinsert[8994]: 2013-08-20-23:27:39.017 mysql_real_query error Lost
>>> connection to MySQL server during query
>>> ======= Backtrace: =========
>>> /lib64/libc.so.6[0x3c88e7cb3e]
>>> /usr/lib64/mysql/libmysqlclient.so.18(vio_delete+0x26)[0x7f94870c5416]
>>> /usr/lib64/mysql/libmysqlclient.so.18(end_server+0x38)[0x7f94870a2678]
>>> /usr/lib64/mysql/libmysqlclient.so.18(cli_safe_read+0x30)[0x7f94870a2770]
>>> /usr/lib64/mysql/libmysqlclient.so.18(+0x41257)[0x7f94870a5257]
>>> 
>> 
> /usr/lib64/mysql/libmysqlclient.so.18(mysql_real_query+0x26)[0x7f94870a19a6]
>>> 
>> 
> /usr/lib64/mysql/libmysqlclient.so.18(mysql_list_tables+0x55)[0x7f948709edb5
>>> ]
>>> rasqlinsert[0x41fe3c]
>>> rasqlinsert[0x408c68]
>>> rasqlinsert[0x4086a5]
>>> rasqlinsert[0x438d35]
>>> rasqlinsert[0x43933e]
>>> rasqlinsert[0x47b12a]
>>> rasqlinsert[0x47b335]
>>> rasqlinsert[0x405be7]
>>> /lib64/libpthread.so.0(+0x3c89207d15)[0x7f9486bc4d15]
>>> /lib64/libc.so.6(clone+0x6d)[0x3c88ef253d]
>>> ======= Memory map: ========
>>> 00400000-004eb000 r-xp 00000000 fd:00 20983991
>>> /usr/local/bin/rasqlinsert
>>> 006ea000-006eb000 r--p 000ea000 fd:00 20983991
>>> /usr/local/bin/rasqlinsert
>>> 006eb000-006fb000 rw-p 000eb000 fd:00 20983991
>>> /usr/local/bin/rasqlinsert
>>> 006fb000-01007000 rw-p 00000000 00:00 0 
>>> 020d8000-021c0000 rw-p 00000000 00:00 0
>>> [heap]
>>> 3c88a00000-3c88a20000 r-xp 00000000 fd:00 77463577
>>> /usr/lib64/ld-2.16.so
>>> 3c88c20000-3c88c21000 r--p 00020000 fd:00 77463577
>>> /usr/lib64/ld-2.16.so
>>> 3c88c21000-3c88c22000 rw-p 00021000 fd:00 77463577
>>> /usr/lib64/ld-2.16.so
>>> 3c88c22000-3c88c23000 rw-p 00000000 00:00 0 
>>> 3c88e00000-3c88fad000 r-xp 00000000 fd:00 77463656
>>> /usr/lib64/libc-2.16.so
>>> 3c88fad000-3c891ad000 ---p 001ad000 fd:00 77463656
>>> /usr/lib64/libc-2.16.so
>>> 3c891ad000-3c891b1000 r--p 001ad000 fd:00 77463656
>>> /usr/lib64/libc-2.16.so
>>> 3c891b1000-3c891b3000 rw-p 001b1000 fd:00 77463656
>>> /usr/lib64/libc-2.16.so
>>> 3c891b3000-3c891b8000 rw-p 00000000 00:00 0 
>>> 3c89200000-3c89202000 r-xp 00000000 fd:00 77464193
>>> /usr/lib64/libpcreposix.so.0.0.1
>>> 3c89202000-3c89401000 ---p 00002000 fd:00 77464193
>>> /usr/lib64/libpcreposix.so.0.0.1
>>> 3c89401000-3c89402000 r--p 00001000 fd:00 77464193
>>> /usr/lib64/libpcreposix.so.0.0.1
>>> 3c89402000-3c89403000 rw-p 00002000 fd:00 77464193
>>> /usr/lib64/libpcreposix.so.0.0.1
>>> 3c89600000-3c89603000 r-xp 00000000 fd:00 77471354
>>> /usr/lib64/libdl-2.16.so
>>> 3c89603000-3c89802000 ---p 00003000 fd:00 77471354
>>> /usr/lib64/libdl-2.16.so
>>> 3c89802000-3c89803000 r--p 00002000 fd:00 77471354
>>> /usr/lib64/libdl-2.16.so
>>> 3c89803000-3c89804000 rw-p 00003000 fd:00 77471354
>>> /usr/lib64/libdl-2.16.so
>>> 3c89a00000-3c89a07000 r-xp 00000000 fd:00 77463871
>>> /usr/lib64/librt-2.16.so
>>> 3c89a07000-3c89c06000 ---p 00007000 fd:00 77463871
>>> /usr/lib64/librt-2.16.so
>>> 3c89c06000-3c89c07000 r--p 00006000 fd:00 77463871
>>> /usr/lib64/librt-2.16.so
>>> 3c89c07000-3c89c08000 rw-p 00007000 fd:00 77463871
>>> /usr/lib64/librt-2.16.so
>>> 3c89e00000-3c89e15000 r-xp 00000000 fd:00 77471658
>>> /usr/lib64/libz.so.1.2.7
>>> 3c89e15000-3c8a014000 ---p 00015000 fd:00 77471658
>>> /usr/lib64/libz.so.1.2.7
>>> 3c8a014000-3c8a015000 r--p 00014000 fd:00 77471658
>>> /usr/lib64/libz.so.1.2.7
>>> 3c8a015000-3c8a016000 rw-p 00015000 fd:00 77471658
>>> /usr/lib64/libz.so.1.2.7
>>> 3c8a200000-3c8a300000 r-xp 00000000 fd:00 77471671
>>> /usr/lib64/libm-2.16.so
>>> 3c8a300000-3c8a4ff000 ---p 00100000 fd:00 77471671
>>> /usr/lib64/libm-2.16.so
>>> 3c8a4ff000-3c8a500000 r--p 000ff000 fd:00 77471671
>>> /usr/lib64/libm-2.16.so
>>> 3c8a500000-3c8a501000 rw-p 00100000 fd:00 77471671
>>> /usr/lib64/libm-2.16.so
>>> 3c8a600000-3c8a615000 r-xp 00000000 fd:00 77471694
>>> /usr/lib64/libgcc_s-4.7.2-20121109.so.1
>>> 3c8a615000-3c8a814000 ---p 00015000 fd:00 77471694
>>> /usr/lib64/libgcc_s-4.7.2-20121109.so.1
>>> 3c8a814000-3c8a815000 r--p 00014000 fd:00 77471694
>>> /usr/lib64/libgcc_s-4.7.2-20121109.so.1
>>> 3c8a815000-3c8a816000 rw-p 00015000 fd:00 77471694
>>> /usr/lib64/libgcc_s-4.7.2-20121109.so.1
>>> 3c8aa00000-3c8aa5c000 r-xp 00000000 fd:00 77471660
>>> /usr/lib64/libpcre.so.1.0.1
>>> 3c8aa5c000-3c8ac5c000 ---p 0005c000 fd:00 77471660
>>> /usr/lib64/libpcre.so.1.0.1
>>> 3c8ac5c000-3c8ac5d000 r--p 0005c000 fd:00 77471660
>>> /usr/lib64/libpcre.so.1.0.1
>>> 3c8ac5d000-3c8ac5e000 rw-p 0005d000 fd:00 77471660
>>> /usr/lib64/libpcre.so.1.0.1
>>> 3c8b600000-3c8b63c000 r-xp 00000000 fd:00 77465274
>>> /usr/lib64/libreadline.so.6.2
>>> 3c8b63c000-3c8b83b000 ---p 0003c000 fd:00 77465274
>>> /usr/lib64/libreadline.so.6.2
>>> 3c8b83b000-3c8b83d000 r--p 0003b000 fd:00 77465274
>>> /usr/lib64/libreadline.so.6.2
>>> 3c8b83d000-3c8b843000 rw-p 0003d000 fd:00 77465274
>>> /usr/lib64/libreadline.so.6.2
>>> 3c8b843000-3c8b845000 rw-p 00000000 00:00 0 
>>> 3c8ca00000-3c8cae5000 r-xp 00000000 fd:00 77471735
>>> /usr/lib64/libstdc++.so.6.0.17
>>> 3c8cae5000-3c8cce4000 ---p 000e5000 fd:00 77471735
>>> /usr/lib64/libstdc++.so.6.0.17
>>> 3c8cce4000-3c8ccec000 r--p 000e4000 fd:00 77471735
>>> /usr/lib64/libstdc++.so.6.0.17
>>> 3c8ccec000-3c8ccee000 rw-p 000ec000 fd:00 77471735
>>> /usr/lib64/libstdc++.so.6.0.17
>>> 3c8ccee000-3c8cd03000 rw-p 00000000 00:00 0 
>>> 3c93a00000-3c93b9b000 r-xp 00000000 fd:00 77471858
>>> /usr/lib64/libcrypto.so.1.0.1e
>>> 3c93b9b000-3c93d9b000 ---p 0019b000 fd:00 77471858
>>> /usr/lib64/libcrypto.so.1.0.1e
>>> 3c93d9b000-3c93db5000 r--p 0019b000 fd:00 77471858
>>> /usr/lib64/libcrypto.so.1.0.1e
>>> 3c93db5000-3c93dc0000 rw-p 001b5000 fd:00 77471858
>>> /usr/lib64/libcrypto.so.1.0.1e
>>> 3c93dc0000-3c93dc5000 rw-p 00000000 00:00 0 
>>> 3ca1200000-3ca1225000 r-xp 00000000 fd:00 77471104
>>> /usr/lib64/libtinfo.so.5.9
>>> 3ca1225000-3ca1424000 ---p 00025000 fd:00 77471104
>>> /usr/lib64/libtinfo.so.5.9
>>> 3ca1424000-3ca1428000 r--p 00024000 fd:00 77471104
>>> /usr/lib64/libtinfo.so.5.9
>>> 3ca1428000-3ca1429000 rw-p 00028000 fd:00 77471104
>>> /usr/lib64/libtinfo.so.5.9
>>> 3ca2e00000-3ca2e23000 r-xp 00000000 fd:00 77471813
>>> /usr/lib64/libncurses.so.5.9
>>> 3ca2e23000-3ca3022000 ---p 00023000 fd:00 77471813
>>> /usr/lib64/libncurses.so.5.9
>>> 3ca3022000-3ca3023000 r--p 00022000 fd:00 77471813
>>> /usr/lib64/libncurses.so.5.9
>>> 3ca3023000-3ca3024000 rw-p 00023000 fd:00 77471813
>>> /usr/lib64/libncurses.so.5.9
>>> 3ca3e00000-3ca3e16000 r-xp 00000000 fd:00 77470820
>>> /usr/lib64/libnsl-2.16.so
>>> 3ca3e16000-3ca4015000 ---p 00016000 fd:00 77470820
>>> /usr/lib64/libnsl-2.16.so
>>> 3ca4015000-3ca4016000 r--p 00015000 fd:00 77470820
>>> /usr/lib64/libnsl-2.16.so
>>> 3ca4016000-3ca4017000 rw-p 00016000 fd:00 77470820
>>> /usr/lib64/libnsl-2.16.so
>>> 3ca4017000-3ca4019000 rw-p 00000000 00:00 0 
>>> 3ca7600000-3ca7609000 r-xp 00000000 fd:00 77472018
>>> /usr/lib64/libwrap.so.0.7.6
>>> 3ca7609000-3ca7808000 ---p 00009000 fd:00 77472018
>>> /usr/lib64/libwrap.so.0.7.6
>>> 3ca7808000-3ca7809000 r--p 00008000 fd:00 77472018
>>> /usr/lib64/libwrap.so.0.7.6
>>> 3ca7809000-3ca780a000 rw-p 00009000 fd:00 77472018
>>> /usr/lib64/libwrap.so.0.7.6
>>> 3ca780a000-3ca780b000 rw-p 00000000 00:00 0 
>>> 7f9470000000-7f9470594000 rw-p 00000000 00:00 0 
>>> 7f9470594000-7f9474000000 ---p 00000000 00:00 0 
>>> 7f9474000000-7f9474021000 rw-p 00000000 00:00 0 
>>> 7f9474021000-7f9478000000 ---p 00000000 00:00 0 
>>> 7f9478000000-7f94782a5000 rw-p 00000000 00:00 0 
>>> 7f94782a5000-7f947c000000 ---p 00000000 00:00 0 
>>> 7f947c943000-7f947c944000 ---p 00000000 00:00 0 
>>> 7f947c944000-7f947d144000 rw-p 00000000 00:00 0
>>> [stack:8999]
>>> 7f947d144000-7f947d145000 ---p 00000000 00:00 0 
>>> 7f947d145000-7f947e146000 rw-p 00000000 00:00 0
>>> [stack:8998]
>>> 7f947e146000-7f947e152000 r-xp 00000000 fd:00 77471291
>>> /usr/lib64/libnss_files-2.16.so
>>> 7f947e152000-7f947e351000 ---p 0000c000 fd:00 77471291
>>> /usr/lib64/libnss_files-2.16.so
>>> 7f947e351000-7f947e352000 r--p 0000b000 fd:00 77471291
>>> /usr/lib64/libnss_files-2.16.so
>>> 7f947e352000-7f947e353000 rw-p 0000c000 fd:00 77471291
>>> /usr/lib64/libnss_files-2.16.so
>>> 7f947e353000-7f947e354000 ---p 00000000 00:00 0 
>>> 7f947e354000-7f9486bbd000 rw-p 00000000 00:00 0
>>> [stack:8997]
>>> 7f9486bbd000-7f9486bd3000 r-xp 00000000 fd:00 77463716
>>> /usr/lib64/libpthread-2.16.so
>>> 7f9486bd3000-7f9486dd3000 ---p 00016000 fd:00 77463716
>>> /usr/lib64/libpthread-2.16.so
>>> 7f9486dd3000-7f9486dd4000 r--p 00016000 fd:00 77463716
>>> /usr/lib64/libpthread-2.16.so
>>> 7f9486dd4000-7f9486dd5000 rw-p 00017000 fd:00 77463716
>>> /usr/lib64/libpthread-2.16.so
>>> 7f9486dd5000-7f9486dda000 rw-p 00000000 00:00 0 
>>> 7f9486dda000-7f9486e60000 r-xp 00000000 fd:00 77470840
>>> /usr/lib64/libft.so.0.0.0
>>> 7f9486e60000-7f948705f000 ---p 00086000 fd:00 77470840
>>> /usr/lib64/libft.so.0.0.0
>>> 7f948705f000-7f9487061000 r--p 00085000 fd:00 77470840
>>> /usr/lib64/libft.so.0.0.0
>>> 7f9487061000-7f9487064000 rw-p 00087000 fd:00 77470840
>>> /usr/lib64/libft.so.0.0.0
>>> 7f9487064000-7f948735a000 r-xp 00000000 fd:00 77599545
>>> /usr/lib64/mysql/libmysqlclient.so.18.0.0
>>> 7f948735a000-7f948755a000 ---p 002f6000 fd:00 77599545
>>> /usr/lib64/mysql/libmysqlclient.so.18.0.0
>>> 7f948755a000-7f948762c000 rw-p 002f6000 fd:00 77599545
>>> /usr/lib64/mysql/libmysqlclient.so.18.0.0
>>> 7f948762c000-7f9487632000 rw-p 00000000 00:00 0 
>>> 7f948764f000-7f9487652000 rw-p 00000000 00:00 0 
>>> 7fff16923000-7fff16944000 rw-p 00000000 00:00 0
>>> [stack]
>>> 7fff169fe000-7fff16a00000 r-xp 00000000 00:00 0
>>> [vdso]
>>> ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0
>>> [vsyscall]
>>> Aborted (core dumped)
>>> 
>>> I run ldd against the image and I get this:
>>> 
>>> ldd /usr/local/bin/rasqlinsert 
>>> 	linux-vdso.so.1 =>  (0x00007fffaebfe000)
>>> 	libpcreposix.so.0 => /lib64/libpcreposix.so.0 (0x0000003c89200000)
>>> 	libpcre.so.1 => /lib64/libpcre.so.1 (0x0000003c8aa00000)
>>> 	libmysqlclient.so.18 => /usr/lib64/mysql/libmysqlclient.so.18
>>> (0x00007f3f8c855000)
>>> 	libm.so.6 => /lib64/libm.so.6 (0x0000003c8a200000)
>>> 	libft.so.0 => /lib64/libft.so.0 (0x00007f3f8c5cb000)
>>> 	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f3f8c3ae000)
>>> 	libz.so.1 => /lib64/libz.so.1 (0x0000003c89e00000)
>>> 	libncurses.so.5 => /lib64/libncurses.so.5 (0x0000003ca2e00000)
>>> 	libtinfo.so.5 => /lib64/libtinfo.so.5 (0x0000003ca1200000)
>>> 	libreadline.so.6 => /lib64/libreadline.so.6 (0x0000003c8b600000)
>>> 	libc.so.6 => /lib64/libc.so.6 (0x0000003c88e00000)
>>> 	libdl.so.2 => /lib64/libdl.so.2 (0x0000003c89600000)
>>> 	librt.so.1 => /lib64/librt.so.1 (0x0000003c89a00000)
>>> 	libstdc++.so.6 => /lib64/libstdc++.so.6 (0x0000003c8ca00000)
>>> 	libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x0000003c8a600000)
>>> 	libcrypto.so.10 => /lib64/libcrypto.so.10 (0x0000003c93a00000)
>>> 	libnsl.so.1 => /lib64/libnsl.so.1 (0x0000003ca3e00000)
>>> 	libwrap.so.0 => /lib64/libwrap.so.0 (0x0000003ca7600000)
>>> 	/lib64/ld-linux-x86-64.so.2 (0x0000003c88a00000)
>>> 
>>> Checking the dates of the dynamic libraries indicates that I am linking
> to
>>> the most up to date versions.
>>> 
>>> --Dave
>>> 
>>> 
>>> 
>>> -----Original Message-----
>>> From: Carter Bullard [mailto:carter at qosient.com] 
>>> Sent: Tuesday, August 20, 2013 7:17 PM
>>> To: David Edelman
>>> Cc: Argus
>>> Subject: Re: [ARGUS] new argus-clients-3.0.7.14 on the server
>>> 
>>> Hmmmm, I'll take another look tonight.  It was working here with your
>>> file...frustrating !!!
>>> 
>>> Carter
>>> 
>>> On Aug 20, 2013, at 6:15 PM, "David Edelman" <dedelman at iname.com> wrote:
>>> 
>>>> Carter,
>>>> 
>>>> I'm having the exact same problem as before. 
>>>> 
>>>> I did a clean install after changing the string in VERSION so that I
> knew
>>>> that I was using new code. I applied the argus_label.c change which
>> didn't
>>>> make any difference. I created .debug and .devel; make clobber,
> ./config;
>>>> make; make install and ran under gdb and it is the same picture.
>>>> 
>>>> The instances of rasqlinsert taking data from radium are as happy as
>>> clams. 
>>>> 
>>>> What additional material can I collect for you?
>>>> 
>>>> --Dave
>>>> 
>>>> -----Original Message-----
>>>> From: argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu
>>>> [mailto:argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu] On
>>>> Behalf Of Carter Bullard
>>>> Sent: Tuesday, August 20, 2013 10:59 AM
>>>> To: Argus
>>>> Subject: [ARGUS] new argus-clients-3.0.7.14 on the server
>>>> 
>>>> Gentle people,
>>>> New client code up on the server.  This release fixes all
>>>> known bugs that has been reported on the list, as well as
>>>> having major modifications to rapath().
>>>> 
>>>> New code has been added as guards around the reported
>>>> label problems, but I am not sure that it has fixed
>>>> the problem.  If we could test that, that would be great !!!
>>>> 
>>>> We've made some big changes to rapath().  rapath() extracts
>>>> topology information from argus data.  Basically it takes all
>>>> data that has ICMP TXD messages mapped to it, and tabulates path
>>>> information where it can.  This has the effect of capturing all
>>>> traceroutes() that are observed by argus, regardless of the
>>>> techniqu;  UDP, TCP or ICMP based, weather its vanilla or paris method,
>>>> or several of the proprietary strategies seen in intrusions.
>>>> 
>>>> We've changed the default output of the graph that rapath.1
>>>> generates (using the -A option) to include the srcid, saddr
>>>> and daddr, so that you can build topology from just the
>>>> graphs.  I'll add the stime and duration as well, but need
>>>> to figure out some command line options to control all these
>>>> new fields.  Also rapath() is going to get a realtime mode,
>>>> currently, its a " read a file, generate some output " type of
>>>> tool.
>>>> 
>>>> Please grab this code and give it a run.  I'm hoping to
>>>> release 3.0.7.x as 3.0.8 in the next month, so if there are
>>>> any gotchas, don't hold back.
>>>> 
>>>> Carter
>>>> 
>>> <rasqlinsert-Dump.txt><rasqlinsertLDD.txt>
>> 
> 
> <rasqlinsert-gdb.txt>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7322 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130821/f517fc56/attachment.bin>


More information about the argus mailing list