mysql stime

Fri Oct 23 09:44:11 EDT 2009

Hey Sean,
Mysql does not support time comparisons that include the fractional part, so we store the time as UTC Unix time.
rasql supports the "-t time" option and does the appropriate conversion.

You can specify the format to use when printing attributes using mysql().  I believe mysql() can convert from this format to TIMESTAMP, but not the converse?

Carter

Carter
------Original Message------
From: Sean Malone
Sender: argus-info-bounces+carter=qosient.com at lists.andrew.cmu.edu
To: Argus
Subject: [ARGUS] mysql stime
Sent: Oct 23, 2009 6:37 AM

Hello all,

I"m trying to use Argus to capture network traffic and store the results in a mysql database. Works pretty good but I'm confused about something.  When I do a ra dump of the data.  It looks like the following:

   18:47:31.272841  e         udp       192.168.1.89.49383     ->      150.199.178.1.domain        1         91   INT
   18:47:31.303476  e         udp      150.199.178.1.domain    ->       192.168.1.89.49383         1        403   INT

However the data in the mysql table looks like the following:

   1256239498.33  e         udp       192.168.1.89.49383     ->      150.199.178.1.domain        1         91   INT
   1256239498.36  e         udp      150.199.178.1.domain    ->       192.168.1.89.49383         1        403   INT

How can I do a sql search for packets based on stime if mysql database looks like above? Or how can I write the data to a mysql database and have the time look like an ra dump?  

 The mysql table was generated by rasqlinsert.  

Thanks.

Sean

Sent from my Verizon Wireless BlackBerry