argus-3.0.7.5 and argus-clients-3.0.7.18 on the server

Chris Wakelin c.d.wakelin at reading.ac.uk
Tue Nov 26 08:43:38 EST 2013 

I've been running 3.0.7.5 / 3.0.7.18 (replacing 3.0.7.4 / 3.0.7.16) on
the student network for about an hour. Seems OK to me, with
racount/ratop behaving as expected.

Best Wishes,
Chris

On 26/11/13 13:22, Carter Bullard wrote:
> Hey Jesper,
> This is why we have to test and test and test :O(
> Something must have crept into the code, as other bizarreness is being reported. However, I am not seeing anything odd.  What machine type and OS are you using ???
> 
> Did you print out any records to see if all were corrupt, or only one ??
> 
> Can you send a sample argus-3.0.5 output file with the bad TCP data??  If you have a packet file that generates the corrupt data, can you share ???
> 
> Sorry, shouldn't be hard to fix.
> 
> Carter
> 
> 
>> On Nov 26, 2013, at 7:13 AM, Jesper Skou Jensen <jesper.skou.jensen at uni-c.dk> wrote:
>>
>> Now that my compiling issues are fixed, I've moved on to testing the new Argus and clients.
>>
>> I'm getting some funky results with eg. racount, but ragraph is weird too I think and maybe more ra-clients that I haven't tested with. It looks like an issue with the Argus server and TCP packets.
>>
>> Test with argus file written earlier today with Argus version 3.0.7.3
>> :~# racount -r old.ra
>> racount   records     total_pkts     src_pkts       dst_pkts total_bytes        src_bytes          dst_bytes
>>    sum   4039147     58347562       36023110       22324452 38558018790        8629875276         29928143514
>>
>> Test with argus file written just now with Argus version 3.0.7.5
>> :~# racount -r new
>> racount   records     total_pkts     src_pkts       dst_pkts total_bytes        src_bytes          dst_bytes
>>    sum   4784540     228845934958855649 218118303098026684 10727631860828965 -6720755720319015608 -7008709186520164355 287953466201148747
>>
>> :~# racount -r new - not tcp
>> racount   records     total_pkts     src_pkts       dst_pkts total_bytes        src_bytes          dst_bytes
>>    sum   2852715     23749856       19396421       4353435 4238739977         3599987646         638752331
>>
>> :~# racount -r new - tcp
>> racount   records     total_pkts     src_pkts       dst_pkts total_bytes        src_bytes          dst_bytes
>>    sum   1931826     228845934935105793 218118303078630263 10727631856475530 -6720755724557755585 -7008709190120152001 287953465562396416
>>
>>
>> Regards
>> Jesper
>>
>>> On 25-11-2013 18:46, Carter Bullard wrote:
>>> Gentle people,
>>> New software is available on the developers site.  This is a big push
>>> to release, and the packages fix all bugs reported to the mailing list.
>>> Argus fixes some direction issues with ARP transactions, and the clients
>>> fix a number of issues with filters, radium management records, and
>>> adds xz decompression for argus data files.  Many changes to manpages,
>>> and there should be new scripts for updating IANA RIR data fetching,
>>> to maintain the delegated ip address tables.   There is improvement in
>>> GeoIP database use, with some extensions added based on changes in
>>> the API.  The code is in the standard places:
>>>
>>>    http://qosient.com/argus/dev/argus-latest.tar.gz
>>>    http://qosient.com/argus/dev/argus-clients-latest.tar.gz
>>>
>>> Please give these a run, and if there are any problems, get those
>>> complaints in there, so we can release 3.0.8 by the end of the year.
>>>
>>> Hope all is most excellent,
>>>
>>> Carter
>>
>>


-- 
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 2908
Whiteknights, Reading, RG6 6AF, UK              Fax: +44 (0)118 975 3094

More information about the argus mailing list