Argus Development mailing list - Real Time Flow Monitor (RTFM) for comprehensive IP network traffic auditing

headers Richard Johnson | 17 Sep 2005 02:20

I'm using a couple of machines to handle our flow data.  One listens on the
network and runs argus.  The second runs ra to take the flow data via a
crossover cable, and store it to an array for analysis.

When running OpenBSD 3.6 i386 (32 bit intel xeon) machines on each side,
they communicate just fine.

When I swap the host running ra out for one based on OpenBSD 3.7 amd64 (64
bit -- amd opteron) with an otherwise identical ra build to the original, I
achieve only the following:

	argus on 32 bit host sends no data
	ra on 64 bit host reports "no data available", and quits

Meanwhile, the hosts can communicate freely on the crossover cable with
pings, netcat connections on various ports, ssh logins, etc.  Ergo, it's an
application layer problem that's affecting only argus->ra.

Have any of you encountered similar difficulties?

Is it insane of me to be trying 32 bit and 64 bit machines together like
this with argus 2.0.6fixes1?  If it's not totally insane, might it be
possible to work around the structure incompatibilities (which I'm just
guessing at here) by building and running a 32 bit ra on the 64 bit machine?

Your hints, guesses, and even brickbats will be greatly appreciated.

Thanks!

Richard

Mon	Tue	Wed	Thu	Fri	Sat	Sun

			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30

91	May 2013
38	April 2013
75	March 2013
50	February 2013
113	January 2013
42	December 2012
49	November 2012
155	October 2012
63	September 2012
50	August 2012
30	July 2012
122	June 2012
22	May 2012
37	April 2012
53	March 2012
58	February 2012
91	January 2012
52	December 2011
17	November 2011
30	October 2011
15	September 2011
39	August 2011
49	July 2011
61	June 2011
66	May 2011
82	April 2011
48	March 2011
52	February 2011
27	January 2011
42	December 2010
35	November 2010
72	October 2010
78	September 2010
48	August 2010
102	July 2010
50	June 2010
23	May 2010
61	April 2010
40	March 2010
50	February 2010
26	January 2010
32	December 2009
72	November 2009
48	October 2009
55	September 2009
115	August 2009
66	July 2009
36	June 2009
92	May 2009
122	April 2009
116	March 2009
58	February 2009
26	January 2009
15	December 2008
3	November 2008
3	October 2008
24	September 2008
38	August 2008
50	July 2008
62	June 2008
6	May 2008
61	April 2008
90	March 2008
151	February 2008
121	January 2008
67	December 2007
61	November 2007
120	October 2007
107	September 2007
143	August 2007
44	July 2007
91	June 2007
68	May 2007
82	April 2007
141	March 2007
123	February 2007
69	January 2007
50	December 2006
79	November 2006
113	October 2006
114	September 2006
131	August 2006
96	July 2006
270	June 2006
4	May 2006
4	April 2006
40	March 2006
31	February 2006
24	January 2006
14	December 2005
2	November 2005
1	October 2005
8	September 2005
25	August 2005
1	July 2005
14	June 2005
5	May 2005
25	April 2005
24	March 2005
33	February 2005
12	January 2005
41	December 2004
33	November 2004
35	October 2004
48	September 2004
95	August 2004
45	July 2004
79	June 2004
87	May 2004
84	April 2004
17	March 2004
62	February 2004
14	January 2004
28	December 2003
14	November 2003
15	October 2003
38	September 2003
60	August 2003
28	July 2003
31	June 2003
48	May 2003
24	April 2003
39	March 2003
18	February 2003
29	January 2003
26	December 2002
41	November 2002
47	October 2002
18	September 2002
14	August 2002
23	July 2002
20	June 2002
92	May 2002
29	April 2002
56	March 2002
47	February 2002
33	January 2002
18	December 2001
91	November 2001
58	October 2001
49	September 2001
15	August 2001
49	July 2001
109	June 2001
52	May 2001
39	April 2001
99	March 2001
134	February 2001
123	January 2001
26	December 2000
59	November 2000
72	October 2000
143	September 2000
44	August 2000
81	July 2000
20	June 2000
12	May 2000
11	April 2000
63	March 2000
22	February 2000
8	January 2000
1	December 1999
6	October 1999
15	September 1999
3	August 1999
9	July 1999
12	June 1999
7	May 1999
16	April 1999
28	March 1999
9	February 1999

possible communication problem with argus on 32 bit system, ra on 64 bit system

Re: possible communication problem with argus on 32 bit system, ra on 64 bit system

Re: possible communication problem with argus on 32 bit system, ra on 64 bit system

[hhoffman <at> ip-solutions.net: [unisog] Interesting Visualization Project for Argus]

Re: [hhoffman <at> ip-solutions.net: [unisog] Interesting Visualization Project for Argus]

Argus "Internal Server Error"

Re: Argus "Internal Server Error"

Prelude 0.9 Sensor for ARGUS