new argus-clients-3.0.7.14 on the server

David Edelman dedelman at iname.com
Wed Aug 21 18:04:36 EDT 2013


With the thread specific information:

gdb rasqlinsert
GNU gdb (GDB) Fedora (7.5.1-38.fc18)
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/bin/rasqlinsert...done.
(gdb) run -M time 1d -r *  -M rmon -w
mysql://argus:argus@localhost/argus/VVmacAddrs_%Y_%m_%d -m srcid saddr smac
-s stime ltime srcid saddr smac  - ip
Starting program: /usr/local/bin/rasqlinsert -M time 1d -r *  -M rmon -w
mysql://argus:argus@localhost/argus/VVmacAddrs_%Y_%m_%d -m srcid saddr smac
-s stime ltime srcid saddr smac  - ip
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Detaching after fork from child process 2817.
[New Thread 0x7ffff51a2700 (LWP 2820)]
[Thread 0x7ffff51a2700 (LWP 2820) exited]
[New Thread 0x7ffff51a2700 (LWP 2826)]
[New Thread 0x7fffef7fe700 (LWP 2827)]
[New Thread 0x7fffeeffd700 (LWP 2828)]
Detaching after fork from child process 2829.
Detaching after fork from child process 2831.
Detaching after fork from child process 2833.
Detaching after fork from child process 2837.
Detaching after fork from child process 2839.
Detaching after fork from child process 2841.
Detaching after fork from child process 2843.
Detaching after fork from child process 2845.
Detaching after fork from child process 2847.
Detaching after fork from child process 2849.
Detaching after fork from child process 2851.
Detaching after fork from child process 2853.
Detaching after fork from child process 2855.
Detaching after fork from child process 2857.
Detaching after fork from child process 2859.
Detaching after fork from child process 2861.
Detaching after fork from child process 2863.
Detaching after fork from child process 2865.
Detaching after fork from child process 2867.
Detaching after fork from child process 2869.
Detaching after fork from child process 2872.
Detaching after fork from child process 2874.
Detaching after fork from child process 2876.
Detaching after fork from child process 2878.
[Thread 0x7fffeeffd700 (LWP 2828) exited]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffef7fe700 (LWP 2827)]
0x00007ffff7570dcb in pthread_join () from /lib64/libpthread.so.0
Missing separate debuginfos, use: debuginfo-install
flow-tools-0.68.5.1-6.fc18.x86_64 glibc-2.16-33.fc18.x86_64
libgcc-4.7.2-8.fc18.x86_64 libstdc++-4.7.2-8.fc18.x86_64
ncurses-libs-5.9-11.20130511.fc18.x86_64 openssl-libs-1.0.1e-4.fc18.x86_64
pcre-8.31-5.fc18.x86_64 readline-6.2-5.fc18.x86_64
tcp_wrappers-libs-7.6-70.fc18.x86_64 zlib-1.2.7-9.fc18.x86_64
(gdb) where
#0  0x00007ffff7570dcb in pthread_join () from /lib64/libpthread.so.0
#1  0x0000000000414ff3 in ArgusCursesProcessClose () at ./rasqlinsert.c:3313
#2  0x000000000040cf9f in ArgusCursesProcess (arg=0x0) at
./rasqlinsert.c:450
#3  0x00007ffff756fd15 in start_thread () from /lib64/libpthread.so.0
#4  0x0000003c88ef253d in clone () from /lib64/libc.so.6

(gdb) info threads
  Id   Target Id         Frame 
* 4    Thread 0x7fffef7fe700 (LWP 2827) "rasqlinsert" 0x00007ffff7570dcb in
pthread_join () from /lib64/libpthread.so.0
  3    Thread 0x7ffff51a2700 (LWP 2826) "rasqlinsert" 0x00007ffff75764b7 in
recv () from /lib64/libpthread.so.0
  1    Thread 0x7ffff7560740 (LWP 2813) "rasqlinsert" 0x00007ffff7570e60 in
pthread_join () from /lib64/libpthread.so.0

(gdb) thread 1
[Switching to thread 1 (Thread 0x7ffff7560740 (LWP 2813))]
#0  0x00007ffff7570e60 in pthread_join () from /lib64/libpthread.so.0
(gdb) where
#0  0x00007ffff7570e60 in pthread_join () from /lib64/libpthread.so.0
#1  0x000000000040cb6b in main (argc=45, argv=0x7fffffffdc38) at
./rasqlinsert.c:302

(gdb) thread 3
[Switching to thread 3 (Thread 0x7ffff51a2700 (LWP 2826))]
#0  0x00007ffff75764b7 in recv () from /lib64/libpthread.so.0
(gdb) where
#0  0x00007ffff75764b7 in recv () from /lib64/libpthread.so.0
#1  0x00007ffff7a71299 in inline_mysql_socket_recv (flags=<optimized out>,
n=<optimized out>, buf=<optimized out>, mysql_socket=...,
src_line=<optimized out>, 
    src_file=<optimized out>) at /usr/include/bits/socket2.h:35
#2  vio_read (vio=0x100e580, buf=0x100e770 "0", size=16384) at
/pb2/build/sb_0-9099207-1367228139.78/rpm/BUILD/mysql-5.6.11/mysql-5.6.11/vi
o/viosocket.c:114
#3  0x00007ffff7a7131e in vio_read_buff (vio=0x7, buf=0x1012780 "\321\v",
size=4)
    at
/pb2/build/sb_0-9099207-1367228139.78/rpm/BUILD/mysql-5.6.11/mysql-5.6.11/vi
o/viosocket.c:157
#4  0x00007ffff7a566a7 in net_read_raw_loop (count=4, net=<optimized out>)
    at
/pb2/build/sb_0-9099207-1367228139.78/rpm/BUILD/mysql-5.6.11/mysql-5.6.11/sq
l/net_serv.cc:663
#5  net_read_packet_header (net=<optimized out>) at
/pb2/build/sb_0-9099207-1367228139.78/rpm/BUILD/mysql-5.6.11/mysql-5.6.11/sq
l/net_serv.cc:751
#6  net_read_packet (net=0x100aa60, complen=0x7ffff51a1ca0) at
/pb2/build/sb_0-9099207-1367228139.78/rpm/BUILD/mysql-5.6.11/mysql-5.6.11/sq
l/net_serv.cc:810
#7  0x00007ffff7a569af in my_net_read (net=0x7) at
/pb2/build/sb_0-9099207-1367228139.78/rpm/BUILD/mysql-5.6.11/mysql-5.6.11/sq
l/net_serv.cc:888
#8  0x00007ffff7a4d7b6 in cli_safe_read (mysql=0x7) at
/pb2/build/sb_0-9099207-1367228139.78/rpm/BUILD/mysql-5.6.11/mysql-5.6.11/sq
l-common/client.c:610
#9  0x00007ffff7a50257 in cli_read_query_result (mysql=0x7)
    at
/pb2/build/sb_0-9099207-1367228139.78/rpm/BUILD/mysql-5.6.11/mysql-5.6.11/sq
l-common/client.c:4015
#10 0x00007ffff7a4c9a6 in mysql_real_query (mysql=0x100aa60,
query=<optimized out>, length=<optimized out>)
    at
/pb2/build/sb_0-9099207-1367228139.78/rpm/BUILD/mysql-5.6.11/mysql-5.6.11/sq
l-common/client.c:4103
#11 0x000000000041e0ef in ArgusProcessSQLQueryList (parser=0x7ffff74bb010)
at ./rasqlinsert.c:6556
#12 0x000000000041e674 in ArgusMySQLProcess (arg=0x7ffff74bb010) at
./rasqlinsert.c:6694
#13 0x00007ffff756fd15 in start_thread () from /lib64/libpthread.so.0
#14 0x0000003c88ef253d in clone () from /lib64/libc.so.6

(gdb) thread 4
[Switching to thread 4 (Thread 0x7fffef7fe700 (LWP 2827))]
#0  0x00007ffff7570dcb in pthread_join () from /lib64/libpthread.so.0
(gdb) where
#0  0x00007ffff7570dcb in pthread_join () from /lib64/libpthread.so.0
#1  0x0000000000414ff3 in ArgusCursesProcessClose () at ./rasqlinsert.c:3313
#2  0x000000000040cf9f in ArgusCursesProcess (arg=0x0) at
./rasqlinsert.c:450
#3  0x00007ffff756fd15 in start_thread () from /lib64/libpthread.so.0
#4  0x0000003c88ef253d in clone () from /lib64/libc.so.6



-----Original Message-----
From: Carter Bullard [mailto:carter at qosient.com] 
Sent: Wednesday, August 21, 2013 2:38 PM
To: David Edelman
Cc: 'Argus'
Subject: Re: [ARGUS] new argus-clients-3.0.7.14 on the server

When you are debugging rasqlinsert(), there are a
number of threads, and so after printing " where ",
you can also do a " info threads ", and then for
each thread, type " thread x " where x is the thread
number, and do a where once in each thread.

   (gdb) info threads
   (gdb) thread 1
   (gdb) where
   (gdb) thread 2
   (where)

etc .  That can be very useful.
Still working on it.

Carter



On Aug 21, 2013, at 2:17 PM, "David Edelman" <dedelman at iname.com> wrote:

> It is getting better - that's purely subjective It still faults but I was
> able to run through a directory tree with -R for quite a while before the
> fault. I still had the same problem that I always had where only the first
> table is populated the rest are created but empty. I've been doing nested
> bash for loops to deal with that for quite some time.
> 
> I ran against a single flow record file under gdb and this is the result. 
> 
> --Dave
> 
> 
> 
> (gdb) run -M time 1d -r argus.2013.04.06.00.00.01.0.gz  -M rmon -w
> mysql://argus:argus@localhost/argus/TTmacAddrs_%Y_%m_%d -m srcid saddr
smac
> -s stime ltime srcid saddr smac  - ip
> Starting program: /usr/local/bin/rasqlinsert -M time 1d -r
> argus.2013.04.06.00.00.01.0.gz  -M rmon -w
> mysql://argus:argus@localhost/argus/TTmacAddrs_%Y_%m_%d -m srcid saddr
smac
> -s stime ltime srcid saddr smac  - ip
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> Detaching after fork from child process 31440.
> [New Thread 0x7ffff5a70700 (LWP 31441)]
> [Thread 0x7ffff5a70700 (LWP 31441) exited]
> [New Thread 0x7ffff5a70700 (LWP 31442)]
> [New Thread 0x7ffff4861700 (LWP 31443)]
> [New Thread 0x7fffeffff700 (LWP 31444)]
> Detaching after fork from child process 31445.
> [Thread 0x7fffeffff700 (LWP 31444) exited]
> 
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7ffff4861700 (LWP 31443)]
> 0x00007ffff7570dcb in pthread_join () from /lib64/libpthread.so.0
> Missing separate debuginfos, use: debuginfo-install
> flow-tools-0.68.5.1-6.fc18.x86_64 glibc-2.16-33.fc18.x86_64
> libgcc-4.7.2-8.fc18.x86_64 libstdc++-4.7.2-8.fc18.x86_64
> ncurses-libs-5.9-11.20130511.fc18.x86_64 openssl-libs-1.0.1e-4.fc18.x86_64
> pcre-8.31-5.fc18.x86_64 readline-6.2-5.fc18.x86_64
> tcp_wrappers-libs-7.6-70.fc18.x86_64 zlib-1.2.7-9.fc18.x86_64
> (gdb) where
> #0  0x00007ffff7570dcb in pthread_join () from /lib64/libpthread.so.0
> #1  0x0000000000414ff3 in ArgusCursesProcessClose () at
./rasqlinsert.c:3313
> #2  0x000000000040cf9f in ArgusCursesProcess (arg=0x0) at
> ./rasqlinsert.c:450
> #3  0x00007ffff756fd15 in start_thread () from /lib64/libpthread.so.0
> #4  0x0000003c88ef253d in clone () from /lib64/libc.so.6
> (gdb) list
> 230	int ArgusColorAddresses(struct ArgusParserStruct *, struct
> ArgusRecordStruct *, struct ArgusAttributeStruct *, short, attr_t);
> 231	int ArgusColorFlowFields(struct ArgusParserStruct *, struct
> ArgusRecordStruct *, struct ArgusAttributeStruct *, short, attr_t);
> 232	int ArgusColorGeoLocation(struct ArgusParserStruct *, struct
> ArgusRecordStruct *, struct ArgusAttributeStruct *, short, attr_t);
> 233	void ArgusInitializeColorMap(struct ArgusParserStruct *, WINDOW *);
> 234	#endif
> 235	
> 236	int
> 237	main(int argc, char **argv)
> 238	{
> 239	   struct ArgusParserStruct *parser = NULL;
> (gdb) up
> #1  0x0000000000414ff3 in ArgusCursesProcessClose () at
./rasqlinsert.c:3313
> 3313	   pthread_join(RaCursesInputThread, NULL);
> (gdb) up
> #2  0x000000000040cf9f in ArgusCursesProcess (arg=0x0) at
> ./rasqlinsert.c:450
> 450	   ArgusCursesProcessClose();
> (gdb) up
> #3  0x00007ffff756fd15 in start_thread () from /lib64/libpthread.so.0
> (gdb) up
> #4  0x0000003c88ef253d in clone () from /lib64/libc.so.6
> (gdb) up
> Initial frame selected; you cannot go up.
> (gdb) 
> 
> 
> dmesg shows:
> 
> [150781.353120] rasqlinsert[26482]: segfault at 2d0 ip 00007ff53b7e6dcb sp
> 00007ff533ffdda0 error 4 in libpthread-2.16.so[7ff53b7de000+16000]
> [150980.758765] rasqlinsert[31192]: segfault at 2d0 ip 00007fa5bfab3dcb sp
> 00007fa5b7ffdda0 error 4 in libpthread-2.16.so[7fa5bfaab000+16000]
> [151147.481928] rasqlinsert[31303]: segfault at 2d0 ip 00007f95d0346dcb sp
> 00007f95ccd67da0 error 4 in libpthread-2.16.so[7f95d033e000+16000]
> [151244.434895] rasqlinsert[31402]: segfault at 2d0 ip 00007f071442fdcb sp
> 00007f071171eda0 error 4 in libpthread-2.16.so[7f0714427000+16000]
> 
> 
> 
> -----Original Message-----
> From: Carter Bullard [mailto:carter at qosient.com] 
> Sent: Wednesday, August 21, 2013 11:31 AM
> To: David Edelman
> Cc: 'Argus'
> Subject: Re: [ARGUS] new argus-clients-3.0.7.14 on the server
> 
> I think I've found a knob to turn that might help.  Can you try this
change?
> This
> controls how aggressively we will push modifications out to the database. 
> 
> ==== //depot/argus/clients/examples/ramysql/raclient.c#8 -
> /Users/carter/argus/clients/examples/ramysql/raclient.c ====
> 810c810
> <             RaCursesUpdateInterval.tv_sec  = 0;
> ---
>>            RaCursesUpdateInterval.tv_sec  = 1;
> 
> You may still get a problem, but it should be better.  I'll keep looking
> into
> a better fix that this, but any improvement means where in the right
> direction.
> 
> Carter
> 
> On Aug 21, 2013, at 10:26 AM, "David Edelman" <dedelman at iname.com> wrote:
> 
>> Carter,
>> 
>> That's great news and it makes sense. The instances that are processing
>> stream data don't have enough traffic to create huge updates, and the
>> instances that are cruising through files surely do. I have 128GB of
>> physical memory and I've tuned MySQL to use as much as possible. I can
>> detune it and see if that makes a difference.
>> 
>> --Dave
>> 
>> -----Original Message-----
>> From: Carter Bullard [mailto:carter at qosient.com] 
>> Sent: Wednesday, August 21, 2013 8:10 AM
>> To: David Edelman
>> Cc: 'Argus'
>> Subject: Re: [ARGUS] new argus-clients-3.0.7.14 on the server
>> 
>> Hey David,
>> I'm also getting the same error here, with your example.  Not sure where
>> this crept in, as I use rasqlinsert() on many systems and I haven't seen
>> this,
>> although I have started to see rasqlinsert()s that eat a lot of CPU.
>> 
>> This is a mysqld problem, where it coughs blood processing packets that
>> are too large, or where multiple threads are making concurrent
>> sql calls on the same socket.  
>> 
>>  http://dev.mysql.com/doc/refman/5.0/en/gone-away.html
>> 
>> We do try to send the largest query possible by packing as many INSERTS,
>> or UPDATES, into the mysql ' max_allowed_packet ', and we have multiple
>> threads talking to mysqld.  I just now tried to cut the
max_allowed_packet
>> buffer in 1/2, with no effect, so ..... I've got some work to do here and
>> will
>> try to have something today.
>> 
>> Thanks for the feedback !!!!
>> 
>> Carter
>> 
>> On Aug 20, 2013, at 7:43 PM, David Edelman <dedelman at iname.com> wrote:
>> 
>>> I had a theory that the problem happened when there were no more records
>>> available to be read. To test this I moved up one level in the data
> source
>>> directory tree and used -R * figuring that I should see good tables for
>> the
>>> dates prior to the most recent. The theory may be good but the test may
>> have
>>> been useful for a different reason. Newest client build with .devel and
>>> .debug run without a -D switch. I get this almost immediately (but this
> is
>> a
>>> big machine with lots of memory so speed is a hard thing to judge.)
>>> 
>>> 
>>> rasqlinsert -M time 1d -R *  -M rmon -w
>>> mysql://argus:argus@localhost/argus/SSmacAddrs_%Y_%m_%d -m srcid saddr
>> smac
>>> -s stime ltime srcid saddr smac - ip
>>> *** glibc detected *** rasqlinsert: double free or corruption (!prev):
>>> 0x00000000020e4830 ***
>>> rasqlinsert[8994]: 2013-08-20-23:27:39.017 mysql_real_query error Lost
>>> connection to MySQL server during query
>>> ======= Backtrace: =========
>>> /lib64/libc.so.6[0x3c88e7cb3e]
>>> /usr/lib64/mysql/libmysqlclient.so.18(vio_delete+0x26)[0x7f94870c5416]
>>> /usr/lib64/mysql/libmysqlclient.so.18(end_server+0x38)[0x7f94870a2678]
>>>
/usr/lib64/mysql/libmysqlclient.so.18(cli_safe_read+0x30)[0x7f94870a2770]
>>> /usr/lib64/mysql/libmysqlclient.so.18(+0x41257)[0x7f94870a5257]
>>> 
>> 
>
/usr/lib64/mysql/libmysqlclient.so.18(mysql_real_query+0x26)[0x7f94870a19a6]
>>> 
>> 
>
/usr/lib64/mysql/libmysqlclient.so.18(mysql_list_tables+0x55)[0x7f948709edb5
>>> ]
>>> rasqlinsert[0x41fe3c]
>>> rasqlinsert[0x408c68]
>>> rasqlinsert[0x4086a5]
>>> rasqlinsert[0x438d35]
>>> rasqlinsert[0x43933e]
>>> rasqlinsert[0x47b12a]
>>> rasqlinsert[0x47b335]
>>> rasqlinsert[0x405be7]
>>> /lib64/libpthread.so.0(+0x3c89207d15)[0x7f9486bc4d15]
>>> /lib64/libc.so.6(clone+0x6d)[0x3c88ef253d]
>>> ======= Memory map: ========
>>> 00400000-004eb000 r-xp 00000000 fd:00 20983991
>>> /usr/local/bin/rasqlinsert
>>> 006ea000-006eb000 r--p 000ea000 fd:00 20983991
>>> /usr/local/bin/rasqlinsert
>>> 006eb000-006fb000 rw-p 000eb000 fd:00 20983991
>>> /usr/local/bin/rasqlinsert
>>> 006fb000-01007000 rw-p 00000000 00:00 0 
>>> 020d8000-021c0000 rw-p 00000000 00:00 0
>>> [heap]
>>> 3c88a00000-3c88a20000 r-xp 00000000 fd:00 77463577
>>> /usr/lib64/ld-2.16.so
>>> 3c88c20000-3c88c21000 r--p 00020000 fd:00 77463577
>>> /usr/lib64/ld-2.16.so
>>> 3c88c21000-3c88c22000 rw-p 00021000 fd:00 77463577
>>> /usr/lib64/ld-2.16.so
>>> 3c88c22000-3c88c23000 rw-p 00000000 00:00 0 
>>> 3c88e00000-3c88fad000 r-xp 00000000 fd:00 77463656
>>> /usr/lib64/libc-2.16.so
>>> 3c88fad000-3c891ad000 ---p 001ad000 fd:00 77463656
>>> /usr/lib64/libc-2.16.so
>>> 3c891ad000-3c891b1000 r--p 001ad000 fd:00 77463656
>>> /usr/lib64/libc-2.16.so
>>> 3c891b1000-3c891b3000 rw-p 001b1000 fd:00 77463656
>>> /usr/lib64/libc-2.16.so
>>> 3c891b3000-3c891b8000 rw-p 00000000 00:00 0 
>>> 3c89200000-3c89202000 r-xp 00000000 fd:00 77464193
>>> /usr/lib64/libpcreposix.so.0.0.1
>>> 3c89202000-3c89401000 ---p 00002000 fd:00 77464193
>>> /usr/lib64/libpcreposix.so.0.0.1
>>> 3c89401000-3c89402000 r--p 00001000 fd:00 77464193
>>> /usr/lib64/libpcreposix.so.0.0.1
>>> 3c89402000-3c89403000 rw-p 00002000 fd:00 77464193
>>> /usr/lib64/libpcreposix.so.0.0.1
>>> 3c89600000-3c89603000 r-xp 00000000 fd:00 77471354
>>> /usr/lib64/libdl-2.16.so
>>> 3c89603000-3c89802000 ---p 00003000 fd:00 77471354
>>> /usr/lib64/libdl-2.16.so
>>> 3c89802000-3c89803000 r--p 00002000 fd:00 77471354
>>> /usr/lib64/libdl-2.16.so
>>> 3c89803000-3c89804000 rw-p 00003000 fd:00 77471354
>>> /usr/lib64/libdl-2.16.so
>>> 3c89a00000-3c89a07000 r-xp 00000000 fd:00 77463871
>>> /usr/lib64/librt-2.16.so
>>> 3c89a07000-3c89c06000 ---p 00007000 fd:00 77463871
>>> /usr/lib64/librt-2.16.so
>>> 3c89c06000-3c89c07000 r--p 00006000 fd:00 77463871
>>> /usr/lib64/librt-2.16.so
>>> 3c89c07000-3c89c08000 rw-p 00007000 fd:00 77463871
>>> /usr/lib64/librt-2.16.so
>>> 3c89e00000-3c89e15000 r-xp 00000000 fd:00 77471658
>>> /usr/lib64/libz.so.1.2.7
>>> 3c89e15000-3c8a014000 ---p 00015000 fd:00 77471658
>>> /usr/lib64/libz.so.1.2.7
>>> 3c8a014000-3c8a015000 r--p 00014000 fd:00 77471658
>>> /usr/lib64/libz.so.1.2.7
>>> 3c8a015000-3c8a016000 rw-p 00015000 fd:00 77471658
>>> /usr/lib64/libz.so.1.2.7
>>> 3c8a200000-3c8a300000 r-xp 00000000 fd:00 77471671
>>> /usr/lib64/libm-2.16.so
>>> 3c8a300000-3c8a4ff000 ---p 00100000 fd:00 77471671
>>> /usr/lib64/libm-2.16.so
>>> 3c8a4ff000-3c8a500000 r--p 000ff000 fd:00 77471671
>>> /usr/lib64/libm-2.16.so
>>> 3c8a500000-3c8a501000 rw-p 00100000 fd:00 77471671
>>> /usr/lib64/libm-2.16.so
>>> 3c8a600000-3c8a615000 r-xp 00000000 fd:00 77471694
>>> /usr/lib64/libgcc_s-4.7.2-20121109.so.1
>>> 3c8a615000-3c8a814000 ---p 00015000 fd:00 77471694
>>> /usr/lib64/libgcc_s-4.7.2-20121109.so.1
>>> 3c8a814000-3c8a815000 r--p 00014000 fd:00 77471694
>>> /usr/lib64/libgcc_s-4.7.2-20121109.so.1
>>> 3c8a815000-3c8a816000 rw-p 00015000 fd:00 77471694
>>> /usr/lib64/libgcc_s-4.7.2-20121109.so.1
>>> 3c8aa00000-3c8aa5c000 r-xp 00000000 fd:00 77471660
>>> /usr/lib64/libpcre.so.1.0.1
>>> 3c8aa5c000-3c8ac5c000 ---p 0005c000 fd:00 77471660
>>> /usr/lib64/libpcre.so.1.0.1
>>> 3c8ac5c000-3c8ac5d000 r--p 0005c000 fd:00 77471660
>>> /usr/lib64/libpcre.so.1.0.1
>>> 3c8ac5d000-3c8ac5e000 rw-p 0005d000 fd:00 77471660
>>> /usr/lib64/libpcre.so.1.0.1
>>> 3c8b600000-3c8b63c000 r-xp 00000000 fd:00 77465274
>>> /usr/lib64/libreadline.so.6.2
>>> 3c8b63c000-3c8b83b000 ---p 0003c000 fd:00 77465274
>>> /usr/lib64/libreadline.so.6.2
>>> 3c8b83b000-3c8b83d000 r--p 0003b000 fd:00 77465274
>>> /usr/lib64/libreadline.so.6.2
>>> 3c8b83d000-3c8b843000 rw-p 0003d000 fd:00 77465274
>>> /usr/lib64/libreadline.so.6.2
>>> 3c8b843000-3c8b845000 rw-p 00000000 00:00 0 
>>> 3c8ca00000-3c8cae5000 r-xp 00000000 fd:00 77471735
>>> /usr/lib64/libstdc++.so.6.0.17
>>> 3c8cae5000-3c8cce4000 ---p 000e5000 fd:00 77471735
>>> /usr/lib64/libstdc++.so.6.0.17
>>> 3c8cce4000-3c8ccec000 r--p 000e4000 fd:00 77471735
>>> /usr/lib64/libstdc++.so.6.0.17
>>> 3c8ccec000-3c8ccee000 rw-p 000ec000 fd:00 77471735
>>> /usr/lib64/libstdc++.so.6.0.17
>>> 3c8ccee000-3c8cd03000 rw-p 00000000 00:00 0 
>>> 3c93a00000-3c93b9b000 r-xp 00000000 fd:00 77471858
>>> /usr/lib64/libcrypto.so.1.0.1e
>>> 3c93b9b000-3c93d9b000 ---p 0019b000 fd:00 77471858
>>> /usr/lib64/libcrypto.so.1.0.1e
>>> 3c93d9b000-3c93db5000 r--p 0019b000 fd:00 77471858
>>> /usr/lib64/libcrypto.so.1.0.1e
>>> 3c93db5000-3c93dc0000 rw-p 001b5000 fd:00 77471858
>>> /usr/lib64/libcrypto.so.1.0.1e
>>> 3c93dc0000-3c93dc5000 rw-p 00000000 00:00 0 
>>> 3ca1200000-3ca1225000 r-xp 00000000 fd:00 77471104
>>> /usr/lib64/libtinfo.so.5.9
>>> 3ca1225000-3ca1424000 ---p 00025000 fd:00 77471104
>>> /usr/lib64/libtinfo.so.5.9
>>> 3ca1424000-3ca1428000 r--p 00024000 fd:00 77471104
>>> /usr/lib64/libtinfo.so.5.9
>>> 3ca1428000-3ca1429000 rw-p 00028000 fd:00 77471104
>>> /usr/lib64/libtinfo.so.5.9
>>> 3ca2e00000-3ca2e23000 r-xp 00000000 fd:00 77471813
>>> /usr/lib64/libncurses.so.5.9
>>> 3ca2e23000-3ca3022000 ---p 00023000 fd:00 77471813
>>> /usr/lib64/libncurses.so.5.9
>>> 3ca3022000-3ca3023000 r--p 00022000 fd:00 77471813
>>> /usr/lib64/libncurses.so.5.9
>>> 3ca3023000-3ca3024000 rw-p 00023000 fd:00 77471813
>>> /usr/lib64/libncurses.so.5.9
>>> 3ca3e00000-3ca3e16000 r-xp 00000000 fd:00 77470820
>>> /usr/lib64/libnsl-2.16.so
>>> 3ca3e16000-3ca4015000 ---p 00016000 fd:00 77470820
>>> /usr/lib64/libnsl-2.16.so
>>> 3ca4015000-3ca4016000 r--p 00015000 fd:00 77470820
>>> /usr/lib64/libnsl-2.16.so
>>> 3ca4016000-3ca4017000 rw-p 00016000 fd:00 77470820
>>> /usr/lib64/libnsl-2.16.so
>>> 3ca4017000-3ca4019000 rw-p 00000000 00:00 0 
>>> 3ca7600000-3ca7609000 r-xp 00000000 fd:00 77472018
>>> /usr/lib64/libwrap.so.0.7.6
>>> 3ca7609000-3ca7808000 ---p 00009000 fd:00 77472018
>>> /usr/lib64/libwrap.so.0.7.6
>>> 3ca7808000-3ca7809000 r--p 00008000 fd:00 77472018
>>> /usr/lib64/libwrap.so.0.7.6
>>> 3ca7809000-3ca780a000 rw-p 00009000 fd:00 77472018
>>> /usr/lib64/libwrap.so.0.7.6
>>> 3ca780a000-3ca780b000 rw-p 00000000 00:00 0 
>>> 7f9470000000-7f9470594000 rw-p 00000000 00:00 0 
>>> 7f9470594000-7f9474000000 ---p 00000000 00:00 0 
>>> 7f9474000000-7f9474021000 rw-p 00000000 00:00 0 
>>> 7f9474021000-7f9478000000 ---p 00000000 00:00 0 
>>> 7f9478000000-7f94782a5000 rw-p 00000000 00:00 0 
>>> 7f94782a5000-7f947c000000 ---p 00000000 00:00 0 
>>> 7f947c943000-7f947c944000 ---p 00000000 00:00 0 
>>> 7f947c944000-7f947d144000 rw-p 00000000 00:00 0
>>> [stack:8999]
>>> 7f947d144000-7f947d145000 ---p 00000000 00:00 0 
>>> 7f947d145000-7f947e146000 rw-p 00000000 00:00 0
>>> [stack:8998]
>>> 7f947e146000-7f947e152000 r-xp 00000000 fd:00 77471291
>>> /usr/lib64/libnss_files-2.16.so
>>> 7f947e152000-7f947e351000 ---p 0000c000 fd:00 77471291
>>> /usr/lib64/libnss_files-2.16.so
>>> 7f947e351000-7f947e352000 r--p 0000b000 fd:00 77471291
>>> /usr/lib64/libnss_files-2.16.so
>>> 7f947e352000-7f947e353000 rw-p 0000c000 fd:00 77471291
>>> /usr/lib64/libnss_files-2.16.so
>>> 7f947e353000-7f947e354000 ---p 00000000 00:00 0 
>>> 7f947e354000-7f9486bbd000 rw-p 00000000 00:00 0
>>> [stack:8997]
>>> 7f9486bbd000-7f9486bd3000 r-xp 00000000 fd:00 77463716
>>> /usr/lib64/libpthread-2.16.so
>>> 7f9486bd3000-7f9486dd3000 ---p 00016000 fd:00 77463716
>>> /usr/lib64/libpthread-2.16.so
>>> 7f9486dd3000-7f9486dd4000 r--p 00016000 fd:00 77463716
>>> /usr/lib64/libpthread-2.16.so
>>> 7f9486dd4000-7f9486dd5000 rw-p 00017000 fd:00 77463716
>>> /usr/lib64/libpthread-2.16.so
>>> 7f9486dd5000-7f9486dda000 rw-p 00000000 00:00 0 
>>> 7f9486dda000-7f9486e60000 r-xp 00000000 fd:00 77470840
>>> /usr/lib64/libft.so.0.0.0
>>> 7f9486e60000-7f948705f000 ---p 00086000 fd:00 77470840
>>> /usr/lib64/libft.so.0.0.0
>>> 7f948705f000-7f9487061000 r--p 00085000 fd:00 77470840
>>> /usr/lib64/libft.so.0.0.0
>>> 7f9487061000-7f9487064000 rw-p 00087000 fd:00 77470840
>>> /usr/lib64/libft.so.0.0.0
>>> 7f9487064000-7f948735a000 r-xp 00000000 fd:00 77599545
>>> /usr/lib64/mysql/libmysqlclient.so.18.0.0
>>> 7f948735a000-7f948755a000 ---p 002f6000 fd:00 77599545
>>> /usr/lib64/mysql/libmysqlclient.so.18.0.0
>>> 7f948755a000-7f948762c000 rw-p 002f6000 fd:00 77599545
>>> /usr/lib64/mysql/libmysqlclient.so.18.0.0
>>> 7f948762c000-7f9487632000 rw-p 00000000 00:00 0 
>>> 7f948764f000-7f9487652000 rw-p 00000000 00:00 0 
>>> 7fff16923000-7fff16944000 rw-p 00000000 00:00 0
>>> [stack]
>>> 7fff169fe000-7fff16a00000 r-xp 00000000 00:00 0
>>> [vdso]
>>> ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0
>>> [vsyscall]
>>> Aborted (core dumped)
>>> 
>>> I run ldd against the image and I get this:
>>> 
>>> ldd /usr/local/bin/rasqlinsert 
>>> 	linux-vdso.so.1 =>  (0x00007fffaebfe000)
>>> 	libpcreposix.so.0 => /lib64/libpcreposix.so.0 (0x0000003c89200000)
>>> 	libpcre.so.1 => /lib64/libpcre.so.1 (0x0000003c8aa00000)
>>> 	libmysqlclient.so.18 => /usr/lib64/mysql/libmysqlclient.so.18
>>> (0x00007f3f8c855000)
>>> 	libm.so.6 => /lib64/libm.so.6 (0x0000003c8a200000)
>>> 	libft.so.0 => /lib64/libft.so.0 (0x00007f3f8c5cb000)
>>> 	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f3f8c3ae000)
>>> 	libz.so.1 => /lib64/libz.so.1 (0x0000003c89e00000)
>>> 	libncurses.so.5 => /lib64/libncurses.so.5 (0x0000003ca2e00000)
>>> 	libtinfo.so.5 => /lib64/libtinfo.so.5 (0x0000003ca1200000)
>>> 	libreadline.so.6 => /lib64/libreadline.so.6 (0x0000003c8b600000)
>>> 	libc.so.6 => /lib64/libc.so.6 (0x0000003c88e00000)
>>> 	libdl.so.2 => /lib64/libdl.so.2 (0x0000003c89600000)
>>> 	librt.so.1 => /lib64/librt.so.1 (0x0000003c89a00000)
>>> 	libstdc++.so.6 => /lib64/libstdc++.so.6 (0x0000003c8ca00000)
>>> 	libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x0000003c8a600000)
>>> 	libcrypto.so.10 => /lib64/libcrypto.so.10 (0x0000003c93a00000)
>>> 	libnsl.so.1 => /lib64/libnsl.so.1 (0x0000003ca3e00000)
>>> 	libwrap.so.0 => /lib64/libwrap.so.0 (0x0000003ca7600000)
>>> 	/lib64/ld-linux-x86-64.so.2 (0x0000003c88a00000)
>>> 
>>> Checking the dates of the dynamic libraries indicates that I am linking
> to
>>> the most up to date versions.
>>> 
>>> --Dave
>>> 
>>> 
>>> 
>>> -----Original Message-----
>>> From: Carter Bullard [mailto:carter at qosient.com] 
>>> Sent: Tuesday, August 20, 2013 7:17 PM
>>> To: David Edelman
>>> Cc: Argus
>>> Subject: Re: [ARGUS] new argus-clients-3.0.7.14 on the server
>>> 
>>> Hmmmm, I'll take another look tonight.  It was working here with your
>>> file...frustrating !!!
>>> 
>>> Carter
>>> 
>>> On Aug 20, 2013, at 6:15 PM, "David Edelman" <dedelman at iname.com> wrote:
>>> 
>>>> Carter,
>>>> 
>>>> I'm having the exact same problem as before. 
>>>> 
>>>> I did a clean install after changing the string in VERSION so that I
> knew
>>>> that I was using new code. I applied the argus_label.c change which
>> didn't
>>>> make any difference. I created .debug and .devel; make clobber,
> ./config;
>>>> make; make install and ran under gdb and it is the same picture.
>>>> 
>>>> The instances of rasqlinsert taking data from radium are as happy as
>>> clams. 
>>>> 
>>>> What additional material can I collect for you?
>>>> 
>>>> --Dave
>>>> 
>>>> -----Original Message-----
>>>> From: argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu
>>>> [mailto:argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu] On
>>>> Behalf Of Carter Bullard
>>>> Sent: Tuesday, August 20, 2013 10:59 AM
>>>> To: Argus
>>>> Subject: [ARGUS] new argus-clients-3.0.7.14 on the server
>>>> 
>>>> Gentle people,
>>>> New client code up on the server.  This release fixes all
>>>> known bugs that has been reported on the list, as well as
>>>> having major modifications to rapath().
>>>> 
>>>> New code has been added as guards around the reported
>>>> label problems, but I am not sure that it has fixed
>>>> the problem.  If we could test that, that would be great !!!
>>>> 
>>>> We've made some big changes to rapath().  rapath() extracts
>>>> topology information from argus data.  Basically it takes all
>>>> data that has ICMP TXD messages mapped to it, and tabulates path
>>>> information where it can.  This has the effect of capturing all
>>>> traceroutes() that are observed by argus, regardless of the
>>>> techniqu;  UDP, TCP or ICMP based, weather its vanilla or paris method,
>>>> or several of the proprietary strategies seen in intrusions.
>>>> 
>>>> We've changed the default output of the graph that rapath.1
>>>> generates (using the -A option) to include the srcid, saddr
>>>> and daddr, so that you can build topology from just the
>>>> graphs.  I'll add the stime and duration as well, but need
>>>> to figure out some command line options to control all these
>>>> new fields.  Also rapath() is going to get a realtime mode,
>>>> currently, its a " read a file, generate some output " type of
>>>> tool.
>>>> 
>>>> Please grab this code and give it a run.  I'm hoping to
>>>> release 3.0.7.x as 3.0.8 in the next month, so if there are
>>>> any gotchas, don't hold back.
>>>> 
>>>> Carter
>>>> 
>>> <rasqlinsert-Dump.txt><rasqlinsertLDD.txt>
>> 
> 
> <rasqlinsert-gdb.txt>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6283 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130821/d4ea075d/attachment.bin>


More information about the argus mailing list