Argus on FreeBSD
Monah Baki
monahbaki at gmail.com
Tue Jul 4 13:08:33 EDT 2017
root@devsrvr:/usr/local/argus/bin # cat /etc/radium.conf
RADIUM_CLASSIFIER_FILE=/etc/ralabel.conf
Added the -X per your request, no luck.
root@devsrvr:/usr/local/argus/bin # ps -ax
59324 - Ss 0:00.39 ./radium -XS localhost:562 -P 561 -d
59241 0 S 0:01.43 ./argus -s -m -U 256 -i em0 -P 562 -d
No results while running, but still getting results on 562
./ratop -S localhost:561 -s time saddr sport daddr dport sco dco suser:45 duser:30
Monah
On Tue, Jul 4, 2017 at 1:00 PM, Carter Bullard <carter at qosient.com> wrote:
> Sure there isn’t an /etc/radium.conf file ??
> Just to be sure, try putting a ‘X’ as the first argument to radium.
>
> ./radium -XS localhost:562 -P 561 -d
>
> Carter
>
> On Jul 4, 2017, at 12:31 PM, Monah Baki <monahbaki at gmail.com> wrote:
>
> Hi Carter,
>
> This is what I am running (argus, radium and ratop) on the FreeBSD locally:
>
> ./argus -s -m -U 256 -i em0 -P 562 -d
> ./radium -S localhost:562 -P 561 -d
>
> Now if I run on the FreeBSD locally:
> ./ratop -S localhost:562
> I get results
>
> Else if I run
> ./ratop -S localhost:561
> No results
>
> Also if I run:
> ./ratop -S 192.168.1.253:561
> No results
>
> I get none
>
> Thanks
> Monah
>
>
> On Tue, Jul 4, 2017 at 11:53 AM, Carter Bullard <carter at qosient.com>
> wrote:
>
>> You need to BIND to localhost, if you want to access via localhost. If
>> BIND is to a specific address, you’ll need to “-S “ to the address. If you
>> want to access from localhost and the specific IP address, don’t use BIND …
>> use a firewall to control who can get to argus or radium. With radium and
>> argus running together, usually argus BINDS to localhost, so anything
>> external to the machine has to go through radium.
>>
>> The v6 vs v4 shouldn't really be an issue, both argus and radium put down
>> a “generic” listen on the port (layer 4), which the os can support on
>> any transport layer it likes (layer 3), so either v4 or v6 works fine.
>>
>> All clients will try both v6 and v4 when they try to get a connection,
>> this is controlled by the os, so it shouldn’t matter.
>>
>> Hope all is most excellent,
>> Carter
>>
>>
>> On Jul 4, 2017, at 11:38 AM, Monah Baki <monahbaki at gmail.com> wrote:
>>
>> root radium 49424 3 tcp6 *:561 *:*
>>
>>
>> On Tue, Jul 4, 2017 at 11:37 AM, mike tancsa <mike at sentex.ca> wrote:
>>
>>>
>>> Try
>>> sockstat | grep 561
>>>
>>> to see what is bound on port 561 as it does not seem to be argus
>>>
>>> ---Mike
>>>
>>> On 7/4/2017 11:29 AM, Monah Baki wrote:
>>> > root argus 49407 3 tcp4 192.168.1.253:562 *:*
>>> > root argus 49407 6 udp4 *:* *:*
>>> > root argus 49407 7 tcp4 192.168.1.253:562 192.168.1.253:40196
>>> >
>>> >
>>> > In my argus.conf, I did specify the IP address to bind to.
>>> > ARGUS_BIND_IP="192.168.1.253"
>>> >
>>> >
>>> >
>>> > Thanks
>>> > Monah
>>> >
>>> > On Tue, Jul 4, 2017 at 11:07 AM, Mike Tancsa <mike at sentex.net> wrote:
>>> >
>>> > On 7/3/2017 11:42 AM, Monah Baki wrote:
>>> > >
>>> > > Compiled yesterday argus 3.0.8.2 on FreeBSD 10.3-RELEASE-p18. I noticed
>>> > > that running:
>>> > >
>>> > > netstat -an
>>> > > tcp4 0 0 *.562
>>> > > tcp6 0 0 *.561
>>> >
>>> > > Is it possible that tcp6 might be the issue, not sure why it's running
>>> > > on tcp6 when in my rc.conf I have the following:
>>> > I usually tell it to bind to a specific IP in my argus config to make it
>>> > more predictable. But what does
>>> >
>>> > sockstat | grep argus
>>> >
>>> > show ?
>>> >
>>> > ---Mike
>>> >
>>> >
>>> > --
>>> > -------------------
>>> > Mike Tancsa, tel +1 519 651 3400
>>> > Sentex Communications, mike at sentex.net
>>> > Providing Internet services since 1994 www.sentex.net
>>> > Cambridge, Ontario Canada http://www.tancsa.com/
>>> >
>>> >
>>>
>>>
>>
>>
>
>
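The bind rule Carter describes, checked against the sockstat lines quoted in this thread (an added example, not code from the thread or from the Argus project). The function names are made up here, and the check assumes a tcp6 listener is not counted for IPv4 targets, because that depends on the OS's IPV6_V6ONLY setting.

```python
import ipaddress

# Constructed sample: the listener lines quoted in the thread, in FreeBSD
# sockstat column order (USER COMMAND PID FD PROTO LOCAL FOREIGN).
SAMPLE = """\
root argus 49407 3 tcp4 192.168.1.253:562 *:*
root argus 49407 6 udp4 *:* *:*
root argus 49407 7 tcp4 192.168.1.253:562 192.168.1.253:40196
root radium 49424 3 tcp6 *:561 *:*
"""

def listeners(text):
    """Return (command, proto, host, port) for each listening TCP socket."""
    found = []
    for line in text.splitlines():
        f = line.split()
        # Skip the header, UDP sockets and established connections.
        if len(f) != 7 or not f[4].startswith("tcp") or f[6] != "*:*":
            continue
        host, _, port = f[5].rpartition(":")
        found.append((f[1], f[4], host, int(port)))
    return found

def scope(host):
    """wildcard = reachable on every address; loopback = local clients only."""
    if host == "*":
        return "wildcard"
    return "loopback" if ipaddress.ip_address(host).is_loopback else "specific"

def accepts(listener, target, port):
    """True if a client connecting to target:port matches this bind."""
    _, proto, host, lport = listener
    addr = ipaddress.ip_address(target)
    # Assumption: address families are kept separate (conservative).
    if lport != port or proto != ("tcp6" if addr.version == 6 else "tcp4"):
        return False
    return host == "*" or ipaddress.ip_address(host) == addr

if __name__ == "__main__":
    for l in listeners(SAMPLE):
        print(l[0], l[3], scope(l[2]),
              "loopback-v4:", accepts(l, "127.0.0.1", l[3]),
              "loopback-v6:", accepts(l, "::1", l[3]))
```

A wildcard listener in the output is the case where Carter's firewall advice applies, since nothing in the bind itself limits who can connect.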