Argus seems to stop writing data that ra can read.
Scott A. McIntyre
s.a.mcintyre at gmail.com
Wed Mar 26 19:28:42 EDT 2014
Hi,
I upgraded an Argus box of mine yesterday and am now running argus
version 3.0.7.5 - I'm using the same configuration file that I was using
from a slightly earlier version, but I don't think that my issue is
related to the configuration file.
Symptom: After X amount of minutes (lowest 1, highest 20ish) argus
clients are unable to read new data that is in argus.out.
Example:
-rw-r--r-- 1 root root 5149276 Mar 27 10:23 argus.out
A few moments later:
-rw-r--r-- 1 root root 5969972 Mar 27 10:27 argus.out
So, the output is increasing, but ra (Ra Version 3.0.7.23) shows the
following with a simple ra -n -r argus.out:
10:01:16.972396 e tcp 1.2.3.4.6714 -> 5.6.7.8.22 3 294 CON
10:01:17.065805 e tcp 1.2.3.4.8167 -> 5.6.7.8.22 3 294 CON
And that's it - nothing more.
tcpdump and tshark continue to report new data arriving.
I must be missing something "obvious" here - but would appreciate
someone pointing out what that obvious thing is.
Regards,
Scott