argus-3.0.7.5 and argus-clients-3.0.7.18 on the server
Carter Bullard
carter at qosient.com
Tue Nov 26 08:49:18 EST 2013
Hey Chris,
I've been running many combinations of old vs new and I'm not seeing anything a miss, but all you need is one.
Carter
> On Nov 26, 2013, at 8:43 AM, Chris Wakelin <c.d.wakelin at reading.ac.uk> wrote:
>
> I've been running 3.0.7.5 / 3.0.7.18 (replacing 3.0.7.4 / 3.0.7.16) on
> the student network for about an hour. Seems OK to me, with
> racount/ratop behaving as expected.
>
> Best Wishes,
> Chris
>
>> On 26/11/13 13:22, Carter Bullard wrote:
>> Hey Jesper,
>> This is why we have to test and test and test :O(
>> Something must have crept into the code, as other bizarreness is being reported. However, I am not seeing anything odd. What machine type and OS are you using ???
>>
>> Did you print out any records to see if all were corrupt, or only one ??
>>
>> Can you send a sample argus-3.0.5 output file with the bad TCP data?? If you have a packet file that generates the corrupt data, can you share ???
>>
>> Sorry, shouldn't be hard to fix.
>>
>> Carter
>>
>>
>>> On Nov 26, 2013, at 7:13 AM, Jesper Skou Jensen <jesper.skou.jensen at uni-c.dk> wrote:
>>>
>>> Now that my compiling issues are fixed, I've moved on to testing the new Argus and clients.
>>>
>>> I'm getting some funky results with eg. racount, but ragraph is weird too I think and maybe more ra-clients that I haven't tested with. It looks like an issue with the Argus server and TCP packets.
>>>
>>> Test with argus file written earlier today with Argus version 3.0.7.3
>>> :~# racount -r old.ra
>>> racount records total_pkts src_pkts dst_pkts total_bytes src_bytes dst_bytes
>>> sum 4039147 58347562 36023110 22324452 38558018790 8629875276 29928143514
>>>
>>> Test with argus file written just now with Argus version 3.0.7.5
>>> :~# racount -r new
>>> racount records total_pkts src_pkts dst_pkts total_bytes src_bytes dst_bytes
>>> sum 4784540 228845934958855649 218118303098026684 10727631860828965 -6720755720319015608 -7008709186520164355 287953466201148747
>>>
>>> :~# racount -r new - not tcp
>>> racount records total_pkts src_pkts dst_pkts total_bytes src_bytes dst_bytes
>>> sum 2852715 23749856 19396421 4353435 4238739977 3599987646 638752331
>>>
>>> :~# racount -r new - tcp
>>> racount records total_pkts src_pkts dst_pkts total_bytes src_bytes dst_bytes
>>> sum 1931826 228845934935105793 218118303078630263 10727631856475530 -6720755724557755585 -7008709190120152001 287953465562396416
>>>
>>>
>>> Regards
>>> Jesper
>>>
>>>> On 25-11-2013 18:46, Carter Bullard wrote:
>>>> Gentle people,
>>>> New software is available on the developers site. This is a big push
>>>> to release, and the packages fix all bugs reported to the mailing list.
>>>> Argus fixes some direction issues with ARP transactions, and the clients
>>>> fix a number of issues with filters, radium management records, and
>>>> adds xz decompression for argus data files. Many changes to manpages,
>>>> and there should be new scripts for updating IANA RIR data fetching,
>>>> to maintain the delegated ip address tables. There is improvement in
>>>> GeoIP database use, with some extensions added based on changes in
>>>> the API. The code is in the standard places:
>>>>
>>>> http://qosient.com/argus/dev/argus-latest.tar.gz
>>>> http://qosient.com/argus/dev/argus-clients-latest.tar.gz
>>>>
>>>> Please give these a run, and if there are any problems, get those
>>>> complaints in there, so we can release 3.0.8 by the end of the year.
>>>>
>>>> Hope all is most excellent,
>>>>
>>>> Carter
>
>
> --
> --+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
> Christopher Wakelin, c.d.wakelin at reading.ac.uk
> IT Services Centre, The University of Reading, Tel: +44 (0)118 378 2908
> Whiteknights, Reading, RG6 6AF, UK Fax: +44 (0)118 975 3094
>
More information about the argus
mailing list