argus-clients-3.0.7.16 now available
David Edelman
dedelman at iname.com
Mon Sep 30 11:20:25 EDT 2013
I'll fire up GDB and provide a bit better context.
As for the Netflow stuff 00:00:00:00:00:03 would be great.
--Dave
On 9/30/13 2:20 PM, "Carter Bullard" <carter at qosient.com> wrote:
>Hey Dave,
>Thanks !!!!!!
>I'll fix these today / this week.
>
>I don't get the problems you see with GeoIP...
>If you could do the gdb() thing that would be great, if not, I'll
>need to know machine / OS type, how radium is called, etc... For
>me to replicate the problem to debug, I'll also need the label
>configuration files you are using.
>
>I'll look at the Netflow issue, do you expect the output to be:
> 00:00:00:00:00:03
>
>or would you rather it be:
> 3
>
>I can make an exception for Netflow data and L2 data types, but
>there isn't a real L2 type of (short int), so I'll have
>to think of what to do to make this exception throughout the
>whole system.
>
>Carter
>
>
>
>On Sep 28, 2013, at 1:10 PM, David Edelman <dedelman at iname.com> wrote:
>
>> Carter,
>>
>> This version looks pretty good. I've been hammering on rasqlinsert and
>>it
>> looks very stable. I have seen two problems:
>>
>> 1 - If .rarc is set to only translate proto then using :n in ratop and
>> setting the value to all or port does not get the port names to display.
>> Setting it to all will do the hostname translation but not port. If
>>.rarc
>> is set to port, then it all works
>> 2 - If I specify any of the GeoIP labeling options then radium seg
>>faults.
>> I downloaded the latest libraries and data files from MaxMind and
>>rebuild
>> the clients, but no luck. As far as ldd can tell, I am linked with the
>> correct library. If you need me to, I can do some debugging on this
>>later
>> today.
>>
>>
>> A nit, but not really a problem - dmac and smac have the NetFlow port
>> index numbers but it looks like you may be doing hton conversion on the
>> value so the display is a bit odd. I get 00:00:00:00:03:00 for port
>>index
>> 3
>>
>>
>>
>>
>> --Dave
>>
>>
>>
>> On 9/27/13 3:32 AM, "Carter Bullard" <carter at qosient.com> wrote:
>>
>>> Gentle people,
>>> New clients are on the development server, which fixes all known bugs,
>>> well, at least the ones that I'm aware of that needed to be fixed.
>>> However, if you download the code, and your problem is not resolved,
>>> please holler, as I'd like to get the code ready for stable release.
>>>
>>> http://qosient.com/argus/dev/argus-clients-latest.tar.gz
>>>
>>>
>>> This version has failed and now passed a large number of memory tests,
>>> as we had a serious stack corruption problem after fixing the big label
>>> merging and processing bugs a few weeks back.
>>>
>>> Lots of little nits are now working, and of course, filtering and
>>>sorting
>>> with -0.0 as a valid value, are now working.
>>>
>>> I still need to work on ranonymize() performance, and followup on SQL
>>> database performance issues.
>>>
>>> And then on to argus-3.0.7.5Š.
>>>
>>> Hope all is most excellent, and thanks for all the help !!!!!
>>>
>>> Carter
>>>
>>>
>>>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2442 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130930/00acc3e5/attachment.bin>
More information about the argus
mailing list