argus error message

MN m.newton at stanford.edu
Thu Nov 20 21:16:32 EST 2014 

Hi Carter - on Ubuntu 14.04.1 LTS, pcap 1.6.2, argus 3.0.8 (I've changed
control characters to ^x to prevent mailers from experiencing too much
anxiety):

  ArgusWarning: 18 Nov 14 10:12:43.685476 ArgusCheckClientMessage: received ^x
  ArgusWarning: 18 Nov 14 10:12:43.726362 ArgusCheckClientMessage: received ^d^a
  ArgusWarning: 18 Nov 14 10:12:43.779023 ArgusCheckClientMessage: received l
  ArgusWarning: 18 Nov 14 10:12:43.838211 ArgusCheckClientMessage: received 8HKCEJ:^\q]huo$5^\%
  ArgusWarning: 18 Nov 14 10:12:43.929395 ArgusCheckClientMessage: received status

  ArgusWarning: 18 Nov 14 10:12:43.978500 ArgusCheckClientMessage: received ^r^a
  ArgusWarning: 18 Nov 14 10:12:44.421381 ArgusCheckClientMessage: client noname never started: timed out
  ArgusWarning: 18 Nov 14 10:12:44.581236 ArgusCheckClientMessage: client noname never started: timed out
  ArgusWarning: 18 Nov 14 10:12:44.760099 ArgusCheckClientMessage: client noname never started: timed out
  ArgusWarning: 18 Nov 14 10:12:44.910570 ArgusCheckClientMessage: client noname never started: timed out
  ArgusWarning: 18 Nov 14 10:12:45.114734 ArgusCheckClientMessage: client noname never started: timed out
  ArgusWarning: 18 Nov 14 10:12:48.294836 ArgusCheckClientMessage: client noname never started: timed out
  ArgusWarning: 18 Nov 14 10:12:48.458081 ArgusCheckClientMessage: client noname never started: timed out
  ArgusWarning: 18 Nov 14 10:12:48.590864 ArgusCheckClientMessage: client noname never started: timed out
  ArgusWarning: 18 Nov 14 10:12:48.730317 ArgusCheckClientMessage: received ^p^a
  ArgusWarning: 18 Nov 14 10:12:53.739017 ArgusCheckClientMessage: client noname never started: timed out
  ArgusWarning: 18 Nov 14 10:12:53.883301 ArgusCheckClientMessage: received 
  ArgusWarning: 18 Nov 14 10:12:59.022351 ArgusCheckClientMessage: client noname never started: timed out
  ArgusWarning: 18 Nov 14 10:13:05.210904 ArgusCheckClientMessage: client noname never started: timed out
  ArgusWarning: 18 Nov 14 10:13:06.443490 ArgusCheckClientMessage: received ^a
  ArgusWarning: 18 Nov 14 10:14:19.888625 ArgusCheckClientMessage: client noname never started: timed out


This happens roughly ever 5 days on our three busiest Argus collectors.
It does not appear to affect flow collection.

Is it just some random TCP connection causing the problem?

Thanks,
- mike

ps: libpcap 1.3.0 and some versions of Argus do not work well - random
crashes every few days on 10gb connections.  We switched to 1.6.2 and
these problems went away.

More information about the argus mailing list