rasplit idle closing
Jesse Bowling
jessebowling at gmail.com
Tue Feb 4 22:58:25 EST 2014
Built a new sensor box with my standard stack (PF_RING + argus), differing
only from other builds in that I'm using latest versions (PF_RING 5.6.2,
argus-3.0.7.5, argus-clients-3.0.7.19). I found that the rasplit instance I
attach locally to argus appears to timeout after 10 or so minutes:
rasplit[24738.0077daf0837f0000]: 02/04/14 22:34:56.974965
ArgusReadStreamSocket (0x7f83f0c91010) read 352 bytes
rasplit[24738.0077daf0837f0000]: 02/04/14 22:34:58.975067
ArgusReadStreamSocket (0x7f83f0c91010) read 428 bytes
rasplit[24738.0077daf0837f0000]: 02/04/14 22:35:16.975751
ArgusReadStreamSocket (0x7f83f0c91010) read 460 bytes
rasplit[24738]: 02/04/14 22:37:17.016896 ArgusReadStream 10.9.28.20: idle
stream: closing
rasplit[24738.0077daf0837f0000]: 02/04/14 22:37:20.979732
ArgusCloseInput(0xf0c91010) closing
This is a much smaller link than I usually monitor (100 Mb connection), but
it seems highly unlikely that there was in fact 2 minutes without a single
flow.
Any hints on where to look for the issue?
Cheers,
Jesse
--
Jesse Bowling
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20140204/18d6c257/attachment.html>
More information about the argus
mailing list