Why sas das feature in rasqlinsert does not work?
Rahimeh Khodadadi
rahimeh.khodadadi at gmail.com
Tue Jul 23 01:54:28 EDT 2013
Thank you very much indeed Matt, but when I run the command it gives such an
error:
*** glibc detected *** argus: double free or corruption (fasttop):
0x0000000002393260 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x76d76)[0x7f516622ad76]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x6c)[0x7f516622faac]
argus[0x416904]
argus[0x405124]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)[0x7f51661d2ead]
argus[0x4053c9]
On Mon, Jul 22, 2013 at 6:45 PM, Matt Brown <matthewbrown at gmail.com> wrote:
> Typo fixed:
>
> `argus -r pcapped.pcap -w - | ralabel -f ralabel.conf -r - -w - -s +sas
> +das | rasqlinsert -r - -w mysql://root@localhost/argus/a -s stime dur
> sas das dir`
>
>
> Thanks,
>
> Matt
>
>
> On Jul 22, 2013, at 9:13 AM, Matt Brown <matthewbrown at gmail.com> wrote:
>
> I'm on my phone, but here is a shot at it...
>
> `argus -r pcapped.pcap -w - | ralabel -f ralabel.conf -r - -w - -s +sas
> +das | rasqlinsert -r /usr/a.argus -w mysql://root@localhost/argus/a -s
> stime dur sas das dir`
>
> See the man page of ralabel.
>
>
>
> On Jul 22, 2013, at 8:52 AM, Rahimeh Khodadadi <
> rahimeh.khodadadi at gmail.com> wrote:
>
> Thanks Matt, the problem is here, I have a pcap file, I don't want to
> capture traffic.
> The radium is useless for my problem. I did not get the second way. Can you
> show me by an example?
>
>
> On Mon, Jul 22, 2013 at 4:56 PM, Matt Brown <matthewbrown at gmail.com> wrote:
>
>> As far as I know, consider adding the labels sas and das in-line...
>> Meaning, if you connect to the argus probe with radium, configure radium to
>> label sas and das, then connect clients to radium. radium acts as a sort
>> of buffer handler for things such as transferring argus data over the
>> network.
>>
>> Or you can use ralabel to connect to argus, then use stdout of ralabel to
>> stdin of rasqlinsert.
>>
>>
>>
>> On Jul 22, 2013, at 8:12 AM, Rahimeh Khodadadi <
>> rahimeh.khodadadi at gmail.com> wrote:
>>
>> Thanks Carter, but I want to insert to database, I use this command:
>>
>> rasqlinsert -r /usr/a.argus -w mysql://root@localhost/argus/a -s stime
>> dur sas das dir
>>
>>
>> On Mon, Jul 22, 2013 at 4:34 PM, Carter Bullard <carter at qosient.com> wrote:
>>
>>> Use ralabel() to add origin AS numbers to flows using the GeoIP
>>> database. Radium, which is a flow labeler, can do this as it collects flow
>>> records.
>>>
>>> Carter
>>>
>>> On Jul 22, 2013, at 7:46 AM, Rahimeh Khodadadi <
>>> rahimeh.khodadadi at gmail.com> wrote:
>>>
>>> > Hi,
>>> >
>>> > I need the two features sas and das of traffic, but their value is 0.
>>> > Please help
>>> >
>>> > --
>>> > With Best Regards
>>> > Rahimeh Khodadadi
>>> >
>>>
>>
>>
>>
>> --
>> With Best Regards
>> Rahimeh Khodadadi
>>
>>
>
>
> --
> With Best Regards
> Rahimeh Khodadadi
>
>
--
With Best Regards
Rahimeh Khodadadi