ArgusInterface timestamps wayyy out of order
Carter Bullard
carter at qosient.com
Wed Jul 1 11:25:05 EDT 2015
Hey Russell,
Hmmm, they don’t look “wayyyyy out of order”. Are you running argus-3.0.8.1 ???
Is this a PF_RING configuration? If so, the new argus-3.0.8.2.rc may
have some code tweaks that help with this … Let me dive into this
again, and see what may be up.
Carter
> On Jun 30, 2015, at 7:20 PM, Russell Fulton <r.fulton at auckland.ac.nz> wrote:
>
>
> Hi Folks
>
> Every now and again (about once a month per sensor??) an argus server stops writing any records and these records go to the logs (see below).
>
> My automated monitoring sees that the output file is missing and tries to restart the argus server. This fails because I try INT and this argus fails to quit. I end up having to log in and hit it with a KILL. I think I will be amending the stop script to get heavy if INT does not work.
>
> Any idea what the root cause of this might be? I am guessing that something might be wrapping around in 32 bits? Anything I can do to diagnose this?
>
> Russell
>
> 2015 Jun 22 09:04:34 +12:00 secmonprd02.insec.auckland.ac.nz: argus: '22 Jun 15 09:04:07.748827 ArgusInterface timestamps wayyy out of order: now 1434920498 then 1434920498 '
> 2015 Jun 22 09:04:56 +12:00 secmonprd02.insec.auckland.ac.nz: argus: '22 Jun 15 09:04:22.150590 ArgusInterface timestamps wayyy out of order: now 1434920498 then 1434920498 '
> 2015 Jun 22 09:05:01 +12:00 secmonprd02.insec.auckland.ac.nz: argus: '22 Jun 15 09:04:43.673742 ArgusInterface timestamps wayyy out of order: now 1434920498 then 1434920498 '
>