adding arbitrary lables

Carter Bullard carter at qosient.com
Mon Jun 28 10:10:38 EDT 2010


Hey George,
Well, you could do this (leaving out a lot of specifics)

   ... | ralabel -f ralabel.conf -w - | rasqlinsert -M label="foo" -s +label

where ralabel.conf specifies how flows are labeled and "foo" is a regular
expression that will match from the label buffer.   This will insert flows
that match a particular label into a specified database table.  You could
expose the label, as we do here with the "-s +label" if the label has more
information than just 'foo' in it.

No support for having argus data contents create new database attributes,
on the fly.  Think of a printable field as a supported attribute.
That maybe a bit of a stretch, given how tables are created, fields are
printed, how we specify types, and sizes for attributes,  etc....

But we do have support for argus contents to be used in the MySQL table
name, very much like rasplit() can use contents when building filesystem
directory paths.

   rasqlinsert -w mysql://user@host/db/table_\$label

but the format of the label will have to be well planned, as the MySQL
table name restrictions can byte you.  If you do plan on doing this,
use rasplit() to see how it names directories using this same strategy:

   rasplit -w /path/to/files/\$srcid/\$label/%Y/%m/%d

If you get good directory names, then more than likely you'll get good
database table names in MySQL.  Important to know what happens
if you have other labeling stages in your data ingest pipeline.

If you try this and you have problems, send email, and we'll make that work.

You can have radium() do the labeling, which makes it easy to automate
and manage.

Carter


On Jun 25, 2010, at 8:28 AM, George Jones wrote:

> Would like to add arbitrary lables to data and insert the lables as columns using rasqlinsert.
> Something like:
>  
>   ... | ralabel -r -w -??? ALL_THIS_DATA_IS_TYPE_foo | rasqlinsert -s +foo
>  
> Thanks.
>  
> coming up the learning curve,
> ---George Jones

Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York  10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20100628/7ecb318e/attachment.bin>


More information about the argus mailing list