NEW IMPORTANT argus-3.0.7.4 and argus-clients-3.0.7.12

Carter Bullard carter at qosient.com
Mon Jul 22 17:50:05 EDT 2013


Gentle people,
New argus and clients on the server.
THIS IS AN IMPORTANT RELEASE of argus-3.0.7.

We have found a big bad bug in argus-3.0.7.3+, that resulted
in a failure for argus to report all flows within the
ARGUS_FAR_STATUS_INTERVAL, leaving long lived flows unreported
until the end of the flow.

The bug should not have caused argus to fail to report activity
on the wire, but it would cause real-time flow data processors
to get data very late….  In some cases rastream() may throw
newly transmitted flows away, and so archives may not have
stored all flows.  This bug may have contributed to some flows
being reported with curious states (timed out but not timed out,
for example).  Also, it could result in low flow record output,
and possibly inappropriate direction indicators.

If you have been running argus-3.0.7.x, please download
this new release immediately.

The best way to realize if you have been affected by the bug
is to filter your argus data for flows whose duration is greater
than your ARGUS_FAR_STATUS_INTERVAL.  Mine is 5 seconds, 
so this revealed the bug for me:

   ra -r /path/to/my/archive/2013/07/22/* - dur gt 5.0

Because this is primitive data, no flows should ever have
a duration longer than the FAR status interval.

All known bug issues that have been resolved are in these
new releases, so please give this new argus and clients
a run.

Thanks !!!  And sorry for any inconvenience.


Carter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6837 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130722/91c49076/attachment.bin>


More information about the argus mailing list