ratop exits with no errors (but no data)

Jesse Bowling via Argus-info argus-info at lists.andrew.cmu.edu
Mon Jan 23 10:55:39 EST 2017 

> On Jan 23, 2017, at 9:42 AM, Carter Bullard <carter at qosient.com> wrote:
> 
> Hey Jesse,
> There are lots of reasons why ratop.1 might want to disconnect from a remote data source.   Things like version incompatibility, (attaching a v3 client to a v5 data source), filter error, if there aren’t any listens available to accept the connection, if tcp-wrappers or a firewall blocks the connection, etc…. But usually ratop.1 provides a blank screen, and just sits there.

No screen, just an immediate exit unfortunately.

> 
> Assuming that ratop.1 was built correctly, and you do get a curses screen,

No guarantees on this. :)

> it maybe that the curses screen of ratop.1 is eating the debug output.  Debug messages come out at the bottom of the window.   If that is a possibility, run ratop.1 with the “ -M nocurses “ option, to see if you get a few more error messages.

Tried this and it makes no difference; it's just the same errors and an immediate exit.

> 
> Most of the time, if ratop.1 is having a problem, ra.1 would have the same problem.  How does it do ???

ra works like a champ in this situation; printing flow records to match my filter. We'll investigate the build and verify there were no missed error or warning messages.

Cheers,

Jesse

> Carter
> 
> 
>> On Jan 20, 2017, at 11:53 AM, Jesse Bowling via Argus-info <argus-info at lists.andrew.cmu.edu> wrote:
>> 
>> Hi,
>> 
>> Ran into an odd situation wherein invoking ratop results in an immediate exit and not data when pointed to an argus instance running on localhost. I can connect with ra without issue, but ratop simply exits. Here's the run:
>> 
>> # ratop -D 4 -S 127.0.0.1:561
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.727713 ArgusAddHostList (0x96b68010, 127.0.0.1:561, 1, 6) returning 1
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.727751 ArgusNewQueue () returning 0x1d9fcc0
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.727760 ArgusNewHashTable (65536) returning 0x1d9e780
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.727770 ArgusNewQueue () returning 0x1da0880
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.727775 ArgusNewHashTable (65536) returning 0x1da08e0
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.727779 ArgusNewQueue () returning 0x1da0920
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.727784 ArgusNewQueue () returning 0x1da0980
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.727787 ArgusNewQueue () returning 0x1da09e0
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.727792 ArgusNewQueue () returning 0x1da0a90
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.727795 ArgusNewQueue () returning 0x1da0af0
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.727802 ArgusNewHashTable (1048576) returning 0x1da0b50
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.727805 RaCursesNewProcess(0x96b68010) returns 0x1da0a40
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.727809 ArgusNewQueue () returning 0x1da0be0
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.727812 ArgusNewQueue () returning 0x1da0c40
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.727818 ArgusNewHashTable (1048576) returning 0x1da0ca0
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.727821 RaCursesNewProcess(0x96b68010) returns 0x1da0b90
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.727825 ArgusNewQueue () returning 0x1da0d30
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.727828 ArgusNewQueue () returning 0x1da0d90
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.727833 ArgusNewHashTable (1048576) returning 0x1da0df0
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.727837 RaCursesNewProcess(0x96b68010) returns 0x1da0ce0
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.727843 ArgusNewQueue () returning 0x1da1b20
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.729713 ArgusWindowClose () returning
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.729717 RaParseComplete(caught signal 0)
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.729888 ArgusDeleteList (0x1d9e050, 4) returning
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.729894 ArgusDeleteList (0x1d9e0f0, 4) returning
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.729898 ArgusDeleteQueue (0x1d9f680) returning
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.729988 ArgusDeleteLabeler (0x7fea96b68010, 0x1d9f530) returning
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.729993 ArgusDeleteQueue (0x1d9fcc0) returning
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.730079 ArgusDeleteHashTable (0x1d9e780)
>> ratop[26403.40c7ca96ea7f0000]: 01/20/17 11:49:48.730083 ArgusDeleteAggregator(0x7fea96b68010, 0x1d9f1e0) returned
>> # ratop -h
>> RaTop Version 3.0.8.2
>> 
>> Any hints?
>> 
>> Cheers,
>> 
>> Jesse
>> --
>> Jesse Bowling
>> 
> 

--
Jesse Bowling

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 204 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20170123/d890d60f/attachment.sig>

More information about the argus mailing list