rasqlinsert
CS Lee
geek00l at gmail.com
Fri Jun 1 06:04:16 EDT 2012
hi Carter,
I use rasqlinsert to insert the data into mysql database, however when I
check, it seems I have this issue -
mysql> select saddr,sport,daddr,dport from tbl_argus where proto='tcp'
limit 10;
+-------------+-------+-------------+-------+
| saddr | sport | daddr | dport |
+-------------+-------+-------------+-------+
| %T.0.000000 | 1034 | %T.0.000000 | 64985 |
| %T.0.000000 | 1070 | %T.0.000000 | 59292 |
| %T.0.000000 | 1072 | %T.0.000000 | 46579 |
| %T.0.000000 | 1084 | %T.0.000000 | 10942 |
| %T.0.000000 | 10864 | %T.0.000000 | 80 |
| %T.0.000000 | 1104 | %T.0.000000 | 445 |
| %T.0.000000 | 1110 | %T.0.000000 | 51413 |
| %T.0.000000 | 11104 | %T.0.000000 | 80 |
| %T.0.000000 | 11105 | %T.0.000000 | 80 |
| %T.0.000000 | 11106 | %T.0.000000 | 80 |
+-------------+-------+-------------+-------+
10 rows in set (0.00 sec)
It was alright with older version of rasqlinsert last time, this is really
odd. And when using rasql it retrieves the data correctly -
rasql -r mysql://localhost/argusdb/argus_table -s saddr daddr
1.2.3.4 2.3.4.5
1.2.3.4 5.6.7.8
Maybe some conversion is done in between? I really need the data to be
understand by mysql command so that can perform analysis using mysql query
and reporting.
Cheers!
--
Best Regards,
CS Lee<geek00L[at]gmail.com>
http://geek00l.blogspot.com
http://defcraft.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20120601/b98e6666/attachment.html>
More information about the argus
mailing list