Inserting AS Number and Label To DB

CS Lee geek00l at gmail.com
Mon Sep 14 10:26:40 EDT 2009


hi Carter,

THANKS ;)

On Mon, Sep 14, 2009 at 10:17 PM, Carter Bullard <carter at qosient.com> wrote:

> Hey CS Lee,   Fixed!!
> Carter
>
> On Sep 13, 2009, at 11:21 AM, CS Lee wrote:
>
> hi Carter,
>
> From my previous example, ralabel is working alright as you can see it
> shows the right sas and das -
>
>            SrcAddr            DstAddr   sAS   dAS
>      114.47.198.87      192.168.1.153  3462
>     218.175.209.38      192.168.1.153  3462
>      202.76.223.75      192.168.1.153  2516
>    218.173.107.206      192.168.1.153  3462
>      192.168.1.153       75.30.77.120        7132
>      192.168.1.153        58.3.27.159        7679
>
> The only problem is when inserting into DB with rasqlinsert, it is
> incorrect and it has 0-255, that looks to be the problem with the sas/das
> variable type -
>
> echo 'desc ralabel' | mysql -u root argusdb
> Field    Type    Null    Key    Default    Extra
> stime    double(18,6) unsigned    NO        NULL
> flgs    varchar(32)    YES        NULL
> proto    varchar(16)    NO        NULL
> saddr    varchar(64)    NO        NULL
> sport    varchar(10)    NO        NULL
> dir    varchar(3)    YES        NULL
> daddr    varchar(64)    NO        NULL
> dport    varchar(10)    NO        NULL
> pkts    bigint(20)    YES        NULL
> bytes    bigint(20)    YES        NULL
> state    varchar(32)    YES        NULL
> *sas    tinyint(3) unsigned    YES        NULL
> das    tinyint(3) unsigned    YES        NULL    *
> label    varchar(4098)    YES        NULL
> record    blob    YES        NULL
>
> Since it is tinyint and unsigned, it can store 0-255 because it is 1 byte
> only, while the asn is 16/32 bits so it is larger than that.
>
> Thanks!
>
> On Sun, Sep 13, 2009 at 9:19 PM, Carter Bullard <carter at qosient.com> wrote:
>
>> All of that is controlled by your ralabel.conf file. What does that look
>> like?
>> Carter
>>
>> On Sep 13, 2009, at 1:36 AM, CS Lee wrote:
>>
>> hi Carter,
>>
>> I tried this out and ralabel seems to work correctly -
>>
>> ralabel -S localhost -f ralabel.conf -L0 -s saddr daddr sas das label:64
>>            SrcAddr            DstAddr   sAS   dAS Label
>>      192.168.1.153       218.88.17.13        4134 dcity=Chengdu,32,China,30.666700,104.066597
>>       210.24.205.7      192.168.1.153  4628 scity=Singapore,00,Singapore,1.293100,103.855797
>>      192.168.1.153    218.163.175.176        3462 dcity=Taipei,03,Taiwan,25.039200,121.525002
>>      192.168.1.153    202.103.208.247        4134 dcity=Nanning,16,China,22.816700,108.316597
>>      192.168.1.153     219.139.201.80        4134 dcity=Wuhan,12,China,30.583300,114.266701
>>      192.168.1.153     220.253.11.150        4854 dcity=Melbourne,07,Australia,-37.816700,144.966705
>>
>> Then I would like to insert AS Number and Label to the db with -
>>
>> ralabel -S localhost -f ralabel.conf -w - | rasqlinsert -r - -w mysql://root@localhost/argusdb/ralabel -m none -s +sas +das +label
>>
>> While the label is inserted correctly, the AS Number seems to be wrong, I
>> would really like the asn data to be in the database -
>>
>> SELECT saddr, daddr, sas, das, label FROM ralabel limit 10;
>>
>> +-----------------+----------------+------+------+--------------------------------------------------------+
>> | saddr           | daddr          | sas  | das  | label                                                  |
>> +-----------------+----------------+------+------+--------------------------------------------------------+
>> | 192.168.1.153   | 60.62.64.144   |    0 |  255 | dcity=Yokosuka,19,Japan,35.283600,139.667206           |
>> | 174.129.205.216 | 192.168.1.193  |  255 |    0 | scity=Seattle,WA,United States,47.583900,-122.299500   |
>> | 192.168.1.153   | 61.227.165.38  |    0 |  255 | dcity=Taipei,03,Taiwan,25.039200,121.525002            |
>> | 192.168.1.153   | 60.48.182.58   |    0 |  255 | dcity=Kuala Lumpur,14,Malaysia,3.166700,101.699997     |
>> | 192.168.1.153   | 219.81.178.102 |    0 |  255 | dcity=Taipei,03,Taiwan,25.039200,121.525002            |
>> | 192.168.1.153   | 60.62.64.144   |    0 |  255 | dcity=Yokosuka,19,Japan,35.283600,139.667206           |
>> | 59.175.114.187  | 192.168.1.153  |  255 |    0 | scity=Wuhan,12,China,30.583300,114.266701              |
>> | 192.168.1.153   | 207.188.65.224 |    0 |  255 | dcity=Toronto,ON,Canada,43.666698,-79.416801           |
>> | 192.168.1.193   | 69.63.178.18   |    0 |  255 | dcity=Palo Alto,CA,United States,37.442902,-122.151398 |
>> | 192.168.1.153   | 60.48.182.58   |    0 |  255 | dcity=Kuala Lumpur,14,Malaysia,3.166700,101.699997     |
>> +-----------------+----------------+------+------+--------------------------------------------------------+
>> 10 rows in set (0.00 sec)
>>
>> Apparently the sas and das don't seem to be right.
>>
>> Thanks!
>>
>> C.S.Lee
>> http://geek00l.blogspot.com
>> http://defcraft.net
>>
>>
>>
>
>
> --
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>
>
> http://geek00l.blogspot.com
> http://defcraft.net
>
>
> Carter Bullard
> CEO/President
> QoSient, LLC
> 150 E 57th Street Suite 12D
> New York, New York  10022
>
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax
>
>
>
>


-- 
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
http://defcraft.net
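
An added example, not part of the original thread and not Argus code: a schema check that parses tab-separated `desc` output like the one quoted above and flags integer columns too narrow for 32-bit AS numbers. The sample input, the function names and the assumption that the MySQL server runs in non-strict SQL mode (where out-of-range integers are clipped rather than rejected) belong to this example.

```python
import re

# Storage size in bytes of MySQL integer types.
INT_BYTES = {"tinyint": 1, "smallint": 2, "mediumint": 3,
             "int": 4, "integer": 4, "bigint": 8}

ASN_MAX = 2**32 - 1  # largest 4-byte AS number

# Constructed sample: a subset of the `desc ralabel` output quoted in the thread,
# in the tab-separated form the mysql client prints when its output is piped.
DESC_OUTPUT = (
    "Field\tType\tNull\tKey\tDefault\tExtra\n"
    "stime\tdouble(18,6) unsigned\tNO\t\tNULL\t\n"
    "saddr\tvarchar(64)\tNO\t\tNULL\t\n"
    "pkts\tbigint(20)\tYES\t\tNULL\t\n"
    "sas\ttinyint(3) unsigned\tYES\t\tNULL\t\n"
    "das\ttinyint(3) unsigned\tYES\t\tNULL\t\n"
)


def int_range(sql_type):
    """Return (min, max) for a MySQL integer column type, or None otherwise."""
    m = re.match(r"(\w+)(?:\(\d+\))?(\s+unsigned)?", sql_type.strip().lower())
    if not m or m.group(1) not in INT_BYTES:
        return None
    bits = 8 * INT_BYTES[m.group(1)]
    if m.group(2):
        return (0, 2**bits - 1)
    return (-(2**(bits - 1)), 2**(bits - 1) - 1)


def check_schema(desc_text, required):
    """Return {column: (min, max)} for integer columns too narrow for required[column]."""
    too_narrow = {}
    for line in desc_text.strip().splitlines()[1:]:  # skip the header row
        name, sql_type = line.split("\t")[:2]
        rng = int_range(sql_type)
        if name in required and rng and rng[1] < required[name]:
            too_narrow[name] = rng
    return too_narrow


def clamp(value, rng):
    """Value a non-strict MySQL server stores: clipped to the nearest range endpoint."""
    return max(rng[0], min(rng[1], value))


if __name__ == "__main__":
    for col, rng in check_schema(DESC_OUTPUT, {"sas": ASN_MAX, "das": ASN_MAX}).items():
        print(f"{col}: range {rng}; ASN 3462 would be stored as {clamp(3462, rng)}")
```
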