Question regarding ramysql

Carter Bullard carter at qosient.com
Tue Nov 10 15:37:47 EST 2009


Hey Bruce,
Yes, you can do what you are interested in doing.

This works for me:

   argus -r pcap.file -w - | rasqlinsert -r - -M nocurses -s +1srcid -w mysql://user@host/db/tableName

In order to get to here you have to have made, installed and configured your
argus and the client programs, and you have to have mysql running with a user
account that is usable ('root' works in a vanilla install).

Argus, right out of the box, will generate 5 second flow status records for whatever
it sees.  For Argus, you will want to install an /etc/argus.conf file on your system that
specifies the various data types that argus can generate (mac addresses, TC
 performance data, jitter information, etc....).  For the argus-client programs, 
you will want to have a .rarc file in your home directory that specifies the fields
that will be printed, and you can specify your database accounts, passwords
etc... if needed.

The rasqlinsert() call parameters are pretty simple:
   The "-r -" is critical as it tells rasqlinsert() to read from stdin.
   The "-M nocurses" suppresses the curses screen that is normal for rasqlinsert().
   The "-s +1srcid" is important if you are using just defaults, as rasqlinsert()
      assumes that the srcid is going to be a part of the schema, so add it if it's
      not in your .rarc file specification for printing fields.

   The "-w mysql://user@host/db/tableName" all of the fields are up to you.
      user is the mysql database account to use.
      host would be "localhost" if your target mysql is running on the local machine.
      db is the database name, it can be anything mysql will allow.
      table is the table name, it also can be anything mysql will allow.

Give this a whirl and see if it works for you.  And send email if you run into any
snags.  The argus mailing list is where most of this information is buried, so 
be sure and read that.

Carter

On Nov 10, 2009, at 2:15 PM, Bruce Hawkins wrote:

> 
> ALCON,
> 
> Please excuse me if there is a better process for asking this question (or finding out my own answers). 
> 
> I am trying to make Argus read PCAP files off my computer and place the netflow data into a SQL database. 
> What would be the easiest path to accomplish this goal? I have rasqlinsert.
>  
> argus -r -w <--- how do I make output to mysql?
> 
> Do I need to create a database or am I correct by thinking that rasql will create its own tables. I am 
> totally newb. I will learn whatever is needed to make this happen (PHP, MYSQL, etc). 
> 
> I am looking for an overview so I can move in the right direction. 
> I will eventually (hopefully) have more technical questions later. 
> 
> Very respectfully,
> 
> Bruce


