Argus on FreeBSD
Monah Baki
monahbaki at gmail.com
Tue Jul 4 13:52:57 EDT 2017
It worked :)
Thank you everyone
On Tue, Jul 4, 2017 at 1:48 PM, Eric Kinzie <eric at qosient.com> wrote:
> On Tue Jul 04 13:43:53 -0400 2017, Monah Baki wrote:
> > root at devsrvr:/usr/local/argus/sbin # ./radium -D -B 127.0.0.1:562 -P 561
> > radium[983]: 13:42:45.262742 filter syntax error: '127.0.0.1:562 -P 561'
> >
> > root at devsrvr:/usr/local/argus/sbin # ./radium -D -B 127.0.0.1:562
> > radium[985]: 13:42:49.428180 filter syntax error: '127.0.0.1:562'
> >
> > root at devsrvr:/usr/local/argus/sbin # ./radium -D -B 127.0.0.1
> > radium[987]: 13:42:51.597379 filter syntax error: '127.0.0.1'
>
>
> Try: radium -X -S localhost:562 -P 561 -B 127.0.0.1
>
> I think the "-D" with no value was confusing things.
>
>
> > On Tue, Jul 4, 2017 at 1:29 PM, Eric Kinzie <eric at qosient.com> wrote:
> >
> > > On Tue Jul 04 13:22:58 -0400 2017, Carter Bullard wrote:
> > > > Hmmm, it does seem very confusing … I suspect you have a few too many radium running …. Important to run only one you know ….
> > > >
> > > > So, the ArgusInfo is coming from what, argus ???? So radium isn’t compiled with debug turned on ??? (Create a .debug file in the client root directory, ./configure, make etc. ) ...
> > > >
> > > > Hope you have a great holiday.
> > > > Carter
> > >
> > >
> > > When I tried this on freebsd, getaddrinfo() returned AF_INET6 for
> > > the address family in the first result. "localhost" resolves to
> > > 127.0.0.1. This is most likely the problem. Add "-B 127.0.0.1"
> > > or similar to the radium command line to get an IPv4 listener.
> > >
> > > Eric
> > >
> > >
> > >
> > > > > On Jul 4, 2017, at 1:14 PM, Monah Baki <monahbaki at gmail.com> wrote:
> > > > >
> > > > > root at devsrvr:/usr/local/argus/sbin # ./radium -XD 4 -S localhost:562 -P 561
> > > > > ArgusInfo: 04 Jul 17 13:14:01.449596 connect from localhost
> > > > >
> > > > >
> > > > > On Tue, Jul 4, 2017 at 1:12 PM, Carter Bullard <carter at qosient.com> wrote:
> > > > > Hey Monah,
> > > > > Seems like it's not either in this case. I suspect either a firewall rule or a tcp_wrappers issue.
> > > > > You can run radium with -D4 and not the “-d” and let radium tell you what is going on ???
> > > > >
> > > > > ./radium -XD 4 -S localhost:562 -P 561
> > > > >
> > > > > Carter
> > > > >
> > > > >> On Jul 4, 2017, at 1:08 PM, Monah Baki <monahbaki at gmail.com> wrote:
> > > > >>
> > > > >> root at devsrvr:/usr/local/argus/bin # cat /etc/radium.conf
> > > > >> RADIUM_CLASSIFIER_FILE=/etc/ralabel.conf
> > > > >>
> > > > >>
> > > > >> Added the -X per your request, no luck.
> > > > >>
> > > > >> root at devsrvr:/usr/local/argus/bin # ps -ax
> > > > >> 59324 - Ss 0:00.39 ./radium -XS localhost:562 -P 561 -d
> > > > >> 59241 0 S 0:01.43 ./argus -s -m -U 256 -i em0 -P 562 -d
> > > > >>
> > > > >>
> > > > >> No results while running, but still getting results on 562
> > > > >> ./ratop -S localhost:561 -s time saddr sport daddr dport sco dco suser:45 duser:30
> > > > >>
> > > > >> Monah
> > > > >>
> > > > >> On Tue, Jul 4, 2017 at 1:00 PM, Carter Bullard <carter at qosient.com> wrote:
> > > > >> Sure there isn’t an /etc/radium.conf file ??
> > > > >> Just to be sure, try putting an ‘X’ as the first argument to radium.
> > > > >>
> > > > >> ./radium -XS localhost:562 -P 561 -d
> > > > >>
> > > > >> Carter
> > > > >>
> > > > >>> On Jul 4, 2017, at 12:31 PM, Monah Baki <monahbaki at gmail.com> wrote:
> > > > >>>
> > > > >>> Hi Carter,
> > > > >>>
> > > > >>> This is what I am running (argus, radium and ratop) on the freebsd locally:
> > > > >>>
> > > > >>> ./argus -s -m -U 256 -i em0 -P 562 -d
> > > > >>> ./radium -S localhost:562 -P 561 -d
> > > > >>>
> > > > >>> Now if I run on the freebsd locally:
> > > > >>> ./ratop -S localhost:562
> > > > >>> I get results
> > > > >>>
> > > > >>> Else if I run
> > > > >>> ./ratop -S localhost:561
> > > > >>> No results
> > > > >>>
> > > > >>> Also if I run:
> > > > >>> ./ratop -S 192.168.1.253:561
> > > > >>> No results
> > > > >>>
> > > > >>> I get none
> > > > >>>
> > > > >>> Thanks
> > > > >>> Monah
> > > > >>>
> > > > >>>
> > > > >>> On Tue, Jul 4, 2017 at 11:53 AM, Carter Bullard <carter at qosient.com> wrote:
> > > > >>> You need to BIND to localhost, if you want to access via localhost. If BIND is to a specific address, you’ll need to “-S” to the address. If you want to access from localhost and the specific IP address, don’t use BIND … use a firewall to control who can get to argus or radium. With radium and argus running together, usually argus BINDS to localhost, so anything external to the machine has to go through radium.
> > > > >>>
> > > > >>> The v6 vs v4 shouldn't really be an issue, both argus and radium put down a “generic” listen down on the port (layer 4), which the os can support on any transport layer it likes (layer 3), so either v4 or v6 works fine.
> > > > >>>
> > > > >>> All clients will try both v6 and v4 when it tries to get a connection, this is controlled by the os, so it shouldn’t matter.
> > > > >>>
> > > > >>> Hope all is most excellent,
> > > > >>> Carter
> > > > >>>
> > > > >>>
> > > > >>>> On Jul 4, 2017, at 11:38 AM, Monah Baki <monahbaki at gmail.com> wrote:
> > > > >>>>
> > > > >>>> root radium 49424 3 tcp6 *:561 *:*
> > > > >>>>
> > > > >>>>
> > > > >>>> On Tue, Jul 4, 2017 at 11:37 AM, mike tancsa <mike at sentex.ca> wrote:
> > > > >>>>
> > > > >>>> Try
> > > > >>>> sockstat | grep 561
> > > > >>>>
> > > > >>>> to see what is bound on port 561 as it does not seem to be argus
> > > > >>>>
> > > > >>>> ---Mike
> > > > >>>>
> > > > >>>> On 7/4/2017 11:29 AM, Monah Baki wrote:
> > > > >>>> > root argus 49407 3 tcp4 192.168.1.253:562 *:*
> > > > >>>> > root argus 49407 6 udp4 *:* *:*
> > > > >>>> > root argus 49407 7 tcp4 192.168.1.253:562 192.168.1.253:40196
> > > > >>>> >
> > > > >>>> >
> > > > >>>> > In my argus.conf, I did specify the IP address to bind to.
> > > > >>>> > ARGUS_BIND_IP="192.168.1.253"
> > > > >>>> >
> > > > >>>> >
> > > > >>>> >
> > > > >>>> > Thanks
> > > > >>>> > Monah
> > > > >>>> >
> > > > >>>> > On Tue, Jul 4, 2017 at 11:07 AM, Mike Tancsa <mike at sentex.net> wrote:
> > > > >>>> >
> > > > >>>> > On 7/3/2017 11:42 AM, Monah Baki wrote:
> > > > >>>> > >
> > > > >>>> > > Compiled yesterday argus 3.0.8.2 on FreeBSD 10.3-RELEASE-p18. I noticed
> > > > >>>> > > that running:
> > > > >>>> > >
> > > > >>>> > > netstat -an
> > > > >>>> > > tcp4 0 0 *.562
> > > > >>>> > > tcp6 0 0 *.561
> > > > >>>> >
> > > > >>>> > > Is it possible that tcp6 might be the issue, not sure why it's running
> > > > >>>> > > on tcp6 when in my rc.conf I have the following:
> > > > >>>> > I usually tell it to bind to a specific IP in my argus config to make it
> > > > >>>> > more predictable. But what does
> > > > >>>> >
> > > > >>>> > sockstat | grep argus
> > > > >>>> >
> > > > >>>> > show ?
> > > > >>>> >
> > > > >>>> > ---Mike
> > > > >>>> >
> > > > >>>> >
> > > > >>>> > --
> > > > >>>> > -------------------
> > > > >>>> > Mike Tancsa, tel +1 519 651 3400
> > > > >>>> > Sentex Communications, mike at sentex.net
> > > > >>>> > Providing Internet services since 1994 www.sentex.net
> > > > >>>> > Cambridge, Ontario Canada http://www.tancsa.com/
> > > > >>>> >
> > > > >>>> >
> > > > >>>>
> > > > >>>>
> > > > >>>
> > > > >>>
> > > > >>
> > > > >>
> > > > >
> > > > >
> > > >
> > >
>
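
An added illustration of the diagnosis in this thread (getaddrinfo() returning AF_INET6 first, fixed by "-B 127.0.0.1"); it is not argus or radium source and was not posted by anyone in the thread. It assumes a listener that binds only the first getaddrinfo() result, and the function names are hypothetical.

```c
/* Added example: how the address family of a listener follows from
 * getaddrinfo() result order. Not argus/radium code. */
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Family a "bind the first result" listener ends up with (assumed behaviour). */
int first_family(const struct addrinfo *list) {
    return list ? list->ai_family : AF_UNSPEC;
}

/* Walk the whole list and return the first entry of the wanted family. */
const struct addrinfo *pick_family(const struct addrinfo *list, int family) {
    for (; list != NULL; list = list->ai_next)
        if (list->ai_family == family)
            return list;
    return NULL;
}

/* Resolve a passive (listening) address and report the family of the
 * first result, or -1 on resolver error. numeric != 0 forbids name lookup. */
int passive_first_family(const char *host, const char *port, int numeric) {
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;      /* let the OS choose v4 or v6 */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_PASSIVE | (numeric ? AI_NUMERICHOST : 0);
    if (getaddrinfo(host, port, &hints, &res) != 0)
        return -1;
    int fam = first_family(res);
    freeaddrinfo(res);
    return fam;
}

int main(void) {
    /* Hostname: result order depends on the OS resolver policy. */
    int by_name = passive_first_family("localhost", "561", 0);
    /* IPv4 literal, the equivalent of "-B 127.0.0.1": always AF_INET. */
    int by_addr = passive_first_family("127.0.0.1", "561", 1);
    printf("localhost -> %s first\n", by_name == AF_INET6 ? "AF_INET6" :
           by_name == AF_INET ? "AF_INET" : "error");
    printf("127.0.0.1 -> %s\n", by_addr == AF_INET ? "AF_INET" : "unexpected");
    return 0;
}
```

On FreeBSD the `net.inet6.ip6.v6only` sysctl defaults to 1, so a tcp6 wildcard socket like the `*:561` entry in the sockstat output above does not accept IPv4 connections.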