Question regarding ramysql
Dave Edelman
dedelman at iname.com
Fri Nov 13 23:17:14 EST 2009
If you have an IPv4 address as a string then inet_aton(the_string) in mysql
will return an integer value.
mysql> select inet_aton('10.1.1.2');
+-----------------------+
| inet_aton('10.1.1.2') |
+-----------------------+
| 167837954 |
+-----------------------+
1 row in set (0.04 sec)
inet_ntoa(the_integer) will return an IPv4 address in dotted quad notation.
mysql> select inet_ntoa( 167837954);
+-----------------------+
| inet_ntoa( 167837954) |
+-----------------------+
| 10.1.1.2 |
+-----------------------+
1 row in set (0.01 sec)
It's a good idea to remember that the integer should be unsigned.
mysql> create table someTable (
-> ipAddr int unsigned,
-> displayAddr char(15)
-> );
Query OK, 0 rows affected (0.16 sec)
mysql> insert into someTable set displayAddr='10.1.1.2';
Query OK, 1 row affected (0.04 sec)
mysql> update sometable set ipAddr=inet_aton(displayAddr);
Query OK, 1 row affected (0.03 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> select * from sometable;
+-----------+-------------+
| ipAddr | displayAddr |
+-----------+-------------+
| 167837954 | 10.1.1.2 |
+-----------+-------------+
1 row in set (0.02 sec)
--Dave
-----Original Message-----
From: argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu
[mailto:argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu] On
Behalf Of carter at qosient.com
Sent: Friday, November 13, 2009 8:33 PM
To: Bruce Hawkins;
argus-info-bounces+carter=qosient.com at lists.andrew.cmu.edu; Argus
Subject: Re: [ARGUS] Question regarding ramysql
Hey Bruce,
To see the I actual insert statement, use the '-D4' debug option. A lower
number may print them but 4 definately will. We insert addresses as
strings, because they maybe IPV4 or IPv6, or they can be ethernet addresses,
ISO addresses for some protocols, MPLS labels etc... So I don't know how to
do it without using strings.
Maybe there is a MySQL way of working with or converting them?
Carter
Sent from my Verizon Wireless BlackBerry
-----Original Message-----
From: Bruce Hawkins <keta144 at msn.com>
Date: Fri, 13 Nov 2009 14:47:51
To: argus info<argus-info at lists.andrew.cmu.edu>
Subject: Re: [ARGUS] Question regarding ramysql
ALCON,
I really appreciate all of your help. Just a quick question, how do I find
out how rasqlinsert writes each field into MYSQL (IP addresses in
particular)? Does it output as a text string? Is there a way to make the
output as an integer?
Very respectfully,
Bruce
----------------------------------------
> Subject: Re: [ARGUS] Question regarding ramysql
> From: carter at qosient.com
> Date: Tue, 10 Nov 2009 15:37:47 -0500
> CC: argus-info at lists.andrew.cmu.edu
> To: keta144 at msn.com
>
> Hey Bruce,
> Yes, you can do what you are interested in doing.
>
> This works for me:
>
> argus -r pcap.file -w - | rasqlinsert -r - -M nocurses -s +1srcid -w
mysql://user@host/db/tableName
>
> In order to get to here you have to have made, installed and configured
your
> argus and the client programs, and you have to have mysql running with a
user
> account that is usable ('root' works in a vanilla install).
>
> Argus, right out of the box will generate 5 second flow status records for
whatever
> it sees. For Argus, you will want to install an /etc/argus.conf file on
your system that
> specifies the various data types that argus can generate (mac addresses,
TC
> performance data, jitter information, etc....). For the argus-client
programs,
> you will want to have a .rarc file in your home directory that specifies
the fields
> that will be printed, and you can specify your database accounts,
passwords
> etc... if needed.
>
> The rasqlinsert() call parameters are pretty simple:
> The "-r -" is critical as it tells rasqlinsert() to read from stdin.
> The "-M nocurses" suppreses the curses screen that is normal for
rasqlinsert().
> The "-s +1srcid" is important if you are using just defaults, as
rasqlinsert()
> assumes that the srcid is going to be a part of the schema, so add it if
its
> not in your .rarc file specification for printing fields.
>
> The "-w mysql://user@host/db/tableName" all if the fields are up to you.
> user is the mysql database account to use.
> host would be "localhost" if your target mysql is running on the local
machine.
> db is the database name, it can be anything mysql will allow.
> table is the table name, it also can be anything mysql will allow.
>
> Give this a whirl and see if it works for you. And send email if you run
into any
> snags. The argus mailing list is where most of this information is buried,
so
> be sure and read that.
>
> Carter
>
> On Nov 10, 2009, at 2:15 PM, Bruce Hawkins wrote:
>
>>
>> ALCON,
>>
>> Please excuse me if there is a better process for asking this question
(or finding out my own answers).
>>
>> I am trying to make Argus read PCAP files off my computer and place the
netflow data into a SQL database.
>> What would be the easiest path to accomplish this goal? I have
rasqlinsert.
>>
>> argus -r -w <--- how do I make output to mysql?
>>
>> Do I need to create a database or am I correct by thinking that rasql
will create it's own tables. I am
>> totally newb. I will learn whatever is needed to make this happen (PHP,
MYSQL, etc).
>>
>> I am looking for an overview so I can move in the right direction.
>> I will eventually (hopefully) have more technical questions later.
>>
>> Very respectfully,
>>
>> Bruce
>>
>>
>>_________________________________________________________________
>> Find the right PC with Windows 7 and Windows Live.
>>
http://www.microsoft.com/Windows/pc-scout/laptop-set-criteria.aspx?cbid=wl&f
ilt=200,2400,10,19,1,3,1,7,50,650,2,12,0,1000&cat=1,2,3,4,5,6&brands=5,6,7,8
,9,10,11,12,13,14,15,16&addf=4,5,9&ocid=PID24727::T:WLMTAGL:ON:WL:en-US:WWL_
WIN_evergreen2:112009
>
>
>
_________________________________________________________________
Windows 7: Unclutter your desktop.
http://go.microsoft.com/?linkid=9690331&ocid=PID24727::T:WLMTAGL:ON:WL:en-US
:WWL_WIN_evergreen:112009
More information about the argus
mailing list