Some argus client IPFIX experiments.
Richard Rothwell via Argus-info
argus-info at lists.andrew.cmu.edu
Wed Jul 6 19:06:33 EDT 2016
Hi Carter,
FYI
[rgr at vic-crlt-gloriad1 ~]$ ra -D 10 -S ipfix-udp://any:9412
ra[17539.00a72180837f0000]: 22:50:55.915142 ArgusCalloc (1, 461728) returning 0x80064010
ra[17539.00a72180837f0000]: 22:50:55.915189 ArgusAddToQueue (0x1c64190, 0x7f8380064010) returning 1
ra[17539.00a72180837f0000]: 22:50:55.915197 ArgusAddHostList (0x800d5010, ipfix-udp://any:9412, 64, 132) returning 1
ra[17539.00a72180837f0000]: 22:50:55.915241 main: reading files completed
ra[17539.00a72180837f0000]: 22:50:55.915262 ArgusCalloc (1, 80) returning 0x1c64830
ra[17539.00a72180837f0000]: 22:50:55.915269 ArgusNewQueue () returning 0x1c64830
ra[17539.00a72180837f0000]: 22:50:55.915277 ArgusPopQueue (0x1c64190) returning 0x7f8380064010
ra[17539.00a72180837f0000]: 22:50:55.915288 ArgusGetServerSocket (0x7f8380064010) returning -1
ra[17539.00a72180837f0000]: 22:50:55.915296 ArgusAddToQueue (0x1c64830, 0x7f8380064010) returning 1
ra[17539.00a72180837f0000]: 22:50:55.915303 ArgusPopQueue (0x1c64190) returning (nil)
ra[17539.00a72180837f0000]: 22:50:55.915309 ArgusPopQueue (0x1c64830) returning 0x7f8380064010
ra[17539.00a72180837f0000]: 22:50:55.915316 ArgusAddToQueue (0x1c64190, 0x7f8380064010) returning 1
ra[17539.00a72180837f0000]: 22:50:55.915322 ArgusPopQueue (0x1c64830) returning (nil)
ra[17539.00a72180837f0000]: 22:50:55.915328 ArgusPopQueue (0x1c64830) returning (nil)
ra[17539.00a72180837f0000]: 22:50:55.915336 ArgusFree (0x1c64830)
ra[17539.00a72180837f0000]: 22:50:55.915342 ArgusDeleteQueue (0x1c64830) returning
ra[17539.00a72180837f0000]: 22:50:55.915358 ArgusShutDown (0)
ra[17539.00a72180837f0000]: 22:50:55.915364 ArgusPopQueue (0x1c64190) returning 0x7f8380064010
ra[17539.00a72180837f0000]: 22:50:55.915381 ArgusFree (0x7f8380064010)
ra[17539.00a72180837f0000]: 22:50:55.915390 ArgusPopQueue (0x1c64190) returning (nil)
ra[17539.00a72180837f0000]: 22:50:55.915397 ArgusFree (0x1c64190)
ra[17539.00a72180837f0000]: 22:50:55.915402 ArgusDeleteQueue (0x1c64190) returning
ra[17539.00a72180837f0000]: 22:50:55.915408 ArgusPopQueue (0x1c641f0) returning (nil)
ra[17539.00a72180837f0000]: 22:50:55.915414 ArgusPopQueue (0x1c641f0) returning (nil)
ra[17539.00a72180837f0000]: 22:50:55.915420 ArgusFree (0x1c641f0)
ra[17539.00a72180837f0000]: 22:50:55.915426 ArgusDeleteQueue (0x1c641f0) returning
ra[17539.00a72180837f0000]: 22:50:55.915432 RaParseComplete(caught signal 0)
ra[17539.00a72180837f0000]: 22:50:55.915437 ArgusWindowClose () returning
ra[17539.00a72180837f0000]: 22:50:55.915443 RaParseComplete(caught signal 0)
ra[17539.00a72180837f0000]: 22:50:55.915449 RaParseComplete(caught signal 0)
ra[17539.00a72180837f0000]: 22:50:55.915454 ArgusShutDown (0)
ra[17539.00a72180837f0000]: 22:50:55.915460 ArgusPopQueue ((nil)) returning (nil)
ra[17539.00a72180837f0000]: 22:50:55.915465 ArgusPopQueue ((nil)) returning (nil)
ra[17539.00a72180837f0000]: 22:50:55.916554 ArgusFree (0x1c64050)
ra[17539.00a72180837f0000]: 22:50:55.916567 ArgusDeleteList (0x1c64050, 4) returning
ra[17539.00a72180837f0000]: 22:50:55.916574 ArgusFree (0x1c640f0)
ra[17539.00a72180837f0000]: 22:50:55.916579 ArgusDeleteList (0x1c640f0, 4) returning
AND
[rgr at vic-crlt-gloriad1 ~]$ ra -D 10 -S cisco://any:9412
ra[18825.0047a554fc7e0000]: 23:00:50.048309 ArgusCalloc (1, 461728) returning 0x5489e010
ra[18825.0047a554fc7e0000]: 23:00:50.048356 ArgusAddToQueue (0x1894190, 0x7efc5489e010) returning 1
ra[18825.0047a554fc7e0000]: 23:00:50.048379 ArgusAddHostList (0x5490f010, cisco://any:9412, 16, 17) returning 1
ra[18825.0047a554fc7e0000]: 23:00:50.048391 main: reading files completed
ra[18825.0047a554fc7e0000]: 23:00:50.048398 ArgusCalloc (1, 80) returning 0x18947d0
ra[18825.0047a554fc7e0000]: 23:00:50.048404 ArgusNewQueue () returning 0x18947d0
ra[18825.0047a554fc7e0000]: 23:00:50.048411 ArgusPopQueue (0x1894190) returning 0x7efc5489e010
ra[18825]: 23:00:50.048453 Binding AF_ANY:9412 Expecting Netflow records
ra[18825.0047a554fc7e0000]: 23:00:50.049400 receiving
ra[18825.0047a554fc7e0000]: 23:00:50.049414 ArgusGetServerSocket (0x7efc5489e010) returning 3
ra[18825.0047a554fc7e0000]: 23:00:50.049454 ArgusCalloc (1, 4194304) returning 0x5449d010
ra[18825.0047a554fc7e0000]: 23:00:50.049480 ArgusCalloc (1, 262144) returning 0x5445c010
ra[18825.0047a554fc7e0000]: 23:00:50.061428 ArgusInitAddrtoname (0x7efc5490f010, 0x0, 0x0)
ra[18825.0047a554fc7e0000]: 23:00:50.061448 ArgusParseInit(0x7efc5490f010 0x7efc5489e010
ra[18825.0047a554fc7e0000]: 23:00:50.061455 ArgusReadConnection(0x5489e010, 2) reading cisco wire format
ra[18825.0047a554fc7e0000]: 23:00:50.061467 ArgusReadConnection(0x5489e010, 2) returning 0
ra[18825.0047a554fc7e0000]: 23:00:50.064181 ArgusHandleRecord (0x7efc5489e228, 0x7efc54a30808) returning -1
ra[18825.0047a554fc7e0000]: 23:00:50.064213 ArgusAddToQueue (0x18941f0, 0x7efc5489e010) returning 1
ra[18825.0047a554fc7e0000]: 23:00:50.064221 ArgusPopQueue (0x1894190) returning (nil)
ra[18825.0047a554fc7e0000]: 23:00:50.064227 ArgusPopQueue (0x18947d0) returning (nil)
ra[18825.0047a554fc7e0000]: 23:00:50.064234 ArgusPopQueue (0x18947d0) returning (nil)
ra[18825.0047a554fc7e0000]: 23:00:50.064243 ArgusFree (0x18947d0)
ra[18825.0047a554fc7e0000]: 23:00:50.064249 ArgusDeleteQueue (0x18947d0) returning
ra[18825.0047a554fc7e0000]: 23:00:50.064257 ArgusReadStream(0x7efc5490f010) starting
ra[18825.0047a554fc7e0000]: 23:00:50.314567 ArgusAdjustGlobalTime real 1467846050.314565 global 1467846050.314565
ra[18825.0047a554fc7e0000]: 23:00:50.564987 ArgusAdjustGlobalTime real 1467846050.564985 global 1467846050.564985
ra[18825.0047a554fc7e0000]: 23:00:50.726876 ArgusAdjustGlobalTime real 1467846050.726875 global 1467846050.726875
ra[18825.0047a554fc7e0000]: 23:00:50.726924 ArgusReadCiscoDatagramSocket (0x5489e010) starting
ra[18825.0047a554fc7e0000]: 23:00:50.726935 ArgusCalloc (1, 80) returning 0x18947d0
ra[18825.0047a554fc7e0000]: 23:00:50.726943 ArgusNewQueue () returning 0x18947d0
ra[18825.0047a554fc7e0000]: 23:00:50.726963 ArgusReadCiscoDatagramSocket (0x7efc5489e010) read 52 bytes, capacity 52
ra[18825.0047a554fc7e0000]: 23:00:50.726970 ArgusReadCiscoDatagramSocket (0x7efc5490f010, 0x7efc5489e010) read record header
ra[18825.0047a554fc7e0000]: 23:00:50.726977 ArgusReadCiscoStreamSocket (0x7efc5449d010) unknown header version 10
Segmentation fault (core dumped)
Looks like the cisco protocol can make the connection, but it fails when it sees the IPFIX header.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20160706/eeb71258/attachment.html>
More information about the argus
mailing list