Question regarding ramysql

carter at qosient.com carter at qosient.com
Sat Nov 14 11:13:40 EST 2009 

Hey Bruce,
And, you can always get mysql to describe the database table schema that rasqlinsert() generates: 

   <mysql> desc tableName 

Carter 

Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: carter at qosient.com
Date: Sat, 14 Nov 2009 01:33:30 
To: Bruce Hawkins<keta144 at msn.com>; <argus-info-bounces+carter=qosient.com at lists.andrew.cmu.edu>; Argus<argus-info at lists.andrew.cmu.edu>
Subject: Re: [ARGUS] Question regarding ramysql

Hey Bruce,
To see the I actual insert statement, use the '-D4' debug option.  A lower number may print them but 4 definately will.  We insert addresses as strings, because they maybe IPV4 or IPv6, or they can be ethernet addresses, ISO addresses for some protocols, MPLS labels etc...  So I don't know how to do it without using strings.
 
Maybe there is a MySQL way of working with or converting them?

Carter
Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: Bruce Hawkins <keta144 at msn.com>
Date: Fri, 13 Nov 2009 14:47:51 
To: argus info<argus-info at lists.andrew.cmu.edu>
Subject: Re: [ARGUS] Question regarding ramysql


ALCON, 

I really appreciate all of your help.  Just a quick question, how do I find out how rasqlinsert writes each field into MYSQL (IP addresses in particular)? Does it output as a text string?  Is there a way to make the output as an integer?

Very respectfully,
Bruce

----------------------------------------
> Subject: Re: [ARGUS] Question regarding ramysql
> From: carter at qosient.com
> Date: Tue, 10 Nov 2009 15:37:47 -0500
> CC: argus-info at lists.andrew.cmu.edu
> To: keta144 at msn.com
>
> Hey Bruce,
> Yes, you can do what you are interested in doing.
>
> This works for me:
>
> argus -r pcap.file -w - | rasqlinsert -r - -M nocurses -s +1srcid -w mysql://user@host/db/tableName
>
> In order to get to here you have to have made, installed and configured your
> argus and the client programs, and you have to have mysql running with a user
> account that is usable ('root' works in a vanilla install).
>
> Argus, right out of the box will generate 5 second flow status records for whatever
> it sees. For Argus, you will want to install an /etc/argus.conf file on your system that
> specifies the various data types that argus can generate (mac addresses, TC
> performance data, jitter information, etc....). For the argus-client programs,
> you will want to have a .rarc file in your home directory that specifies the fields
> that will be printed, and you can specify your database accounts, passwords
> etc... if needed.
>
> The rasqlinsert() call parameters are pretty simple:
> The "-r -" is critical as it tells rasqlinsert() to read from stdin.
> The "-M nocurses" suppreses the curses screen that is normal for rasqlinsert().
> The "-s +1srcid" is important if you are using just defaults, as rasqlinsert()
> assumes that the srcid is going to be a part of the schema, so add it if its
> not in your .rarc file specification for printing fields.
>
> The "-w mysql://user@host/db/tableName" all if the fields are up to you.
> user is the mysql database account to use.
> host would be "localhost" if your target mysql is running on the local machine.
> db is the database name, it can be anything mysql will allow.
> table is the table name, it also can be anything mysql will allow.
>
> Give this a whirl and see if it works for you. And send email if you run into any
> snags. The argus mailing list is where most of this information is buried, so
> be sure and read that.
>
> Carter
>
> On Nov 10, 2009, at 2:15 PM, Bruce Hawkins wrote:
>
>>
>> ALCON,
>>
>> Please excuse me if there is a better process for asking this question (or finding out my own answers).
>>
>> I am trying to make Argus read PCAP files off my computer and place the netflow data into a SQL database.
>> What would be the easiest path to accomplish this goal? I have rasqlinsert.
>>
>> argus -r -w <--- how do I make output to mysql?
>>
>> Do I need to create a database or am I correct by thinking that rasql will create it's own tables. I am
>> totally newb. I will learn whatever is needed to make this happen (PHP, MYSQL, etc).
>>
>> I am looking for an overview so I can move in the right direction.
>> I will eventually (hopefully) have more technical questions later.
>>
>> Very respectfully,
>>
>> Bruce
>>
>>
>>_________________________________________________________________
>> Find the right PC with Windows 7 and Windows Live.
>> http://www.microsoft.com/Windows/pc-scout/laptop-set-criteria.aspx?cbid=wl&filt=200,2400,10,19,1,3,1,7,50,650,2,12,0,1000&cat=1,2,3,4,5,6&brands=5,6,7,8,9,10,11,12,13,14,15,16&addf=4,5,9&ocid=PID24727::T:WLMTAGL:ON:WL:en-US:WWL_WIN_evergreen2:112009
>
>
>
 		 	   		  
_________________________________________________________________
Windows 7: Unclutter your desktop.
http://go.microsoft.com/?linkid=9690331&ocid=PID24727::T:WLMTAGL:ON:WL:en-US:WWL_WIN_evergreen:112009

More information about the argus mailing list