Inserting AS Number and Label To DB
Carter Bullard
carter at qosient.com
Mon Sep 14 10:17:00 EDT 2009
Hey CS Lee,
Fixed!!
Carter
On Sep 13, 2009, at 11:21 AM, CS Lee wrote:
> hi Carter,
>
> From my previous example, ralabel is working alright as you can see
> it shows the right sas and das -
>
> SrcAddr          DstAddr          sAS    dAS
> 114.47.198.87    192.168.1.153    3462
> 218.175.209.38   192.168.1.153    3462
> 202.76.223.75    192.168.1.153    2516
> 218.173.107.206  192.168.1.153    3462
> 192.168.1.153    75.30.77.120            7132
> 192.168.1.153    58.3.27.159             7679
>
> The only problem is when inserting into DB with rasqlinsert, it is
> incorrect and it has 0-255, that looks to be the problem with the
> sas/das variable type -
>
> echo 'desc ralabel' | mysql -u root argusdb
> Field   Type                   Null  Key  Default  Extra
> stime   double(18,6) unsigned  NO         NULL
> flgs    varchar(32)            YES        NULL
> proto   varchar(16)            NO         NULL
> saddr   varchar(64)            NO         NULL
> sport   varchar(10)            NO         NULL
> dir     varchar(3)             YES        NULL
> daddr   varchar(64)            NO         NULL
> dport   varchar(10)            NO         NULL
> pkts    bigint(20)             YES        NULL
> bytes   bigint(20)             YES        NULL
> state   varchar(32)            YES        NULL
> sas     tinyint(3) unsigned    YES        NULL
> das     tinyint(3) unsigned    YES        NULL
> label   varchar(4098)          YES        NULL
> record  blob                   YES        NULL
>
> Since it is tinyint and unsigned, it can store 0-255 because it is 1
> byte only, while the asn is 16/32 bits so it is larger than that.
>
> Thanks!
>
> On Sun, Sep 13, 2009 at 9:19 PM, Carter Bullard <carter at qosient.com> wrote:
> All of that is controlled by your ralabel.conf file.
> What does that look like?
> Carter
>
> On Sep 13, 2009, at 1:36 AM, CS Lee wrote:
>
>> hi Carter,
>>
>> I try this out and ralabel seems to work correctly -
>>
>> ralabel -S localhost -f ralabel.conf -L0 -s saddr daddr sas das label:64
>> SrcAddr          DstAddr          sAS    dAS    Label
>> 192.168.1.153    218.88.17.13            4134   dcity=Chengdu,32,China,30.666700,104.066597
>> 210.24.205.7     192.168.1.153    4628          scity=Singapore,00,Singapore,1.293100,103.855797
>> 192.168.1.153    218.163.175.176         3462   dcity=Taipei,03,Taiwan,25.039200,121.525002
>> 192.168.1.153    202.103.208.247         4134   dcity=Nanning,16,China,22.816700,108.316597
>> 192.168.1.153    219.139.201.80          4134   dcity=Wuhan,12,China,30.583300,114.266701
>> 192.168.1.153    220.253.11.150          4854   dcity=Melbourne,07,Australia,-37.816700,144.966705
>>
>> Then I would like to insert AS Number and Label to the db with -
>>
>> ralabel -S localhost -f ralabel.conf -w - | rasqlinsert -r - -w mysql://root@localhost/argusdb/ralabel -m none -s +sas +das +label
>>
>> While the label is inserted correctly, the AS Number seems to be
>> wrong, I would really like the asn data to be in the database -
>>
>> SELECT saddr, daddr, sas, das, label FROM ralabel limit 10;
>> +-----------------+----------------+------+------+--------------------------------------------------------+
>> | saddr           | daddr          | sas  | das  | label                                                  |
>> +-----------------+----------------+------+------+--------------------------------------------------------+
>> | 192.168.1.153   | 60.62.64.144   |    0 |  255 | dcity=Yokosuka,19,Japan,35.283600,139.667206           |
>> | 174.129.205.216 | 192.168.1.193  |  255 |    0 | scity=Seattle,WA,United States,47.583900,-122.299500   |
>> | 192.168.1.153   | 61.227.165.38  |    0 |  255 | dcity=Taipei,03,Taiwan,25.039200,121.525002            |
>> | 192.168.1.153   | 60.48.182.58   |    0 |  255 | dcity=Kuala Lumpur,14,Malaysia,3.166700,101.699997     |
>> | 192.168.1.153   | 219.81.178.102 |    0 |  255 | dcity=Taipei,03,Taiwan,25.039200,121.525002            |
>> | 192.168.1.153   | 60.62.64.144   |    0 |  255 | dcity=Yokosuka,19,Japan,35.283600,139.667206           |
>> | 59.175.114.187  | 192.168.1.153  |  255 |    0 | scity=Wuhan,12,China,30.583300,114.266701              |
>> | 192.168.1.153   | 207.188.65.224 |    0 |  255 | dcity=Toronto,ON,Canada,43.666698,-79.416801           |
>> | 192.168.1.193   | 69.63.178.18   |    0 |  255 | dcity=Palo Alto,CA,United States,37.442902,-122.151398 |
>> | 192.168.1.153   | 60.48.182.58   |    0 |  255 | dcity=Kuala Lumpur,14,Malaysia,3.166700,101.699997     |
>> +-----------------+----------------+------+------+--------------------------------------------------------+
>> 10 rows in set (0.00 sec)
>>
>> Apparently the sas and das don't seem to be right.
>>
>> Thanks!
>>
>> C.S.Lee
>> http://geek00l.blogspot.com
>> http://defcraft.net
>
>
>
>
> --
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>
>
> http://geek00l.blogspot.com
> http://defcraft.net
Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax
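
The schema problem reported in this thread, as an added example that is not part of the original messages or of the argus code: a check that parses `desc` output and flags integer columns too narrow for the values they must hold. The `REQUIRED_MAX` table (sas/das sized for 4-byte AS numbers), the function names and the suggested `ALTER TABLE` statement for an already-created table are assumptions; the thread does not say how rasqlinsert itself was fixed.

```python
import re

# Bit widths of MySQL integer types.
INT_BITS = {"tinyint": 8, "smallint": 16, "mediumint": 24, "int": 32, "bigint": 64}

# Assumption: sas/das must be able to hold a full 4-byte AS number.
REQUIRED_MAX = {"sas": 2**32 - 1, "das": 2**32 - 1}

# Constructed sample: a subset of the `desc ralabel` rows quoted in the thread.
DESC_OUTPUT = """\
Field Type Null Key Default Extra
saddr varchar(64) NO NULL
pkts bigint(20) YES NULL
sas tinyint(3) unsigned YES NULL
das tinyint(3) unsigned YES NULL
"""

def column_max(type_text):
    """Largest value an integer column type can store, or None if not an integer."""
    m = re.match(r"(tinyint|smallint|mediumint|int|bigint)\b", type_text)
    if not m:
        return None
    bits = INT_BITS[m.group(1)]
    return 2**bits - 1 if "unsigned" in type_text else 2**(bits - 1) - 1

def parse_desc(text):
    """Map column name -> type text from whitespace-separated `desc` output."""
    cols = {}
    for line in text.splitlines()[1:]:          # skip the header row
        tokens = line.split()
        if not tokens:
            continue
        # The type runs from the second token up to the Null column (YES/NO).
        end = next((i for i, t in enumerate(tokens) if t in ("YES", "NO")), len(tokens))
        cols[tokens[0]] = " ".join(tokens[1:end])
    return cols

def narrow_columns(text, table="ralabel"):
    """Return (column, current_max, suggested_fix) for each undersized column."""
    findings = []
    for name, type_text in parse_desc(text).items():
        need, have = REQUIRED_MAX.get(name), column_max(type_text)
        if need is not None and have is not None and have < need:
            fix = f"ALTER TABLE {table} MODIFY {name} INT UNSIGNED"
            findings.append((name, have, fix))
    return findings

if __name__ == "__main__":
    for name, have, fix in narrow_columns(DESC_OUTPUT):
        print(f"{name}: max {have}, too small for an AS number -> {fix}")
```
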