Error Starting Argus Daemon

Welland, Neal N.Welland at warwick.ac.uk
Wed Jan 23 06:50:52 EST 2013


Good morning (just),

I commented out both ID statements from argus.conf, but it resulted in exactly the same error in /var/adm/messages.

Any other ideas?

Regards, Neal.

From: Carter Bullard [mailto:carter at qosient.com]
Sent: 22 January 2013 17:21
To: Welland, Neal
Cc: argus-info at lists.andrew.cmu.edu
Subject: Re: [ARGUS] Error Starting Argus Daemon

Hey Neal,
Comment out the ARGUS_SETUSER_ID and ARGUS_SETGROUP_ID statements,
to see if you get past the error. If you do get past, then I can start looking at what
is the problem with the UID logic.

Carter


On Jan 22, 2013, at 11:46 AM, "Welland, Neal" <N.Welland at warwick.ac.uk> wrote:


Hi,

I have a user account "argus:other" and have set the following options in argus.conf:

ARGUS_ACCESS_PORT=561
ARGUS_CAPTURE_DATA_LEN=32
ARGUS_DAEMON=yes
ARGUS_DEBUG_LEVEL=0
ARGUS_FLOW_KEY="CLASSIC_5_TUPLE"
ARGUS_FLOW_STATUS_INTERVAL=5
ARGUS_FLOW_TYPE="Bidirectional"
ARGUS_GENERATE_APPBYTE_METRIC=yes
ARGUS_GENERATE_BIDIRECTIONAL_TIMESTAMPS=yes
ARGUS_GENERATE_JITTER_DATA=no
ARGUS_GENERATE_MAC_DATA=no
ARGUS_GENERATE_PACKET_SIZE=yes
ARGUS_GENERATE_RESPONSE_TIME_DATA=no
ARGUS_GO_PROMISCUOUS=yes
ARGUS_INTERFACE=nxge0
ARGUS_MAR_STATUS_INTERVAL=60
ARGUS_MONITOR_ID=`hostname`
ARGUS_OUTPUT_FILE=/datapool/cachi_int-rz1/tap.argus
ARGUS_PID_PATH="/var/run"
ARGUS_SET_PID=yes
ARGUS_SETGROUP_ID=other
ARGUS_SETUSER_ID=argus

I'm using sudo to get the necessary privileges:

/opt/csw/bin/sudo /usr/local/sbin/argus -F /etc/argus.conf

Neal.

From: Carter Bullard [mailto:carter at qosient.com]
Sent: 22 January 2013 16:27
To: Welland, Neal
Cc: argus-info at lists.andrew.cmu.edu
Subject: Re: [ARGUS] Error Starting Argus Daemon

Are you redefining the UID / GID through the argus.conf?
And are you running as root?
Carter


On Jan 22, 2013, at 11:19 AM, "Welland, Neal" <N.Welland at warwick.ac.uk> wrote:



Hi again,

After successfully getting the argus daemon to compile on Solaris 10, I am now having problems starting it!

I get the following errors in /var/adm/messages:

Jan 22 16:09:11 cachi argus[22768]: [ID 324209 daemon.warning] 22 Jan 13 16:09:11.225846 started
Jan 22 16:09:11 cachi argus[22768]: [ID 991180 daemon.error] 22 Jan 13 16:09:11.231028 ArgusInitOutput() pthread_create error Not owner
Jan 22 16:09:11 cachi argus[22768]: [ID 218572 daemon.warning] 22 Jan 13 16:09:11.231164 stopped

Any ideas what ownership it's failing on?

Regards,

--
Neal Welland, Information Security Analyst. War-CSIIRT <http://www.first.org/members/teams/war-csiirt>
University of Warwick, IT Services, Coventry CV4 8UW, UK
E: n.welland at warwick.ac.uk M: 07880 175391
PGP keys available: http://keys.warwick.ac.uk

