ralabel
Carter Bullard
carter at qosient.com
Fri Jun 1 10:53:01 EDT 2012
Hey CS Lee,
I'm sure that we don't escape some of the ASCII sequences that could be in the user buffers that MySQL doesn't like,
like ' " ' which may terminate the string. If you confirm this, I'll try to fix it quickly, but I'm not sure of
the complete list of chars that MySQL would want escaped.
Carter
On Jun 1, 2012, at 10:48 AM, CS Lee wrote:
> hi Carter,
>
> I made the test. As I have multiple versions of argus on my box for testing, I forgot to specify the path for the argus client version I wanted, so basically the data inserted into the database for saddr and daddr is correct in 3.0.6.1; the issue is the ralabel part in argus 3.0.6.1.
>
> Another issue I'm now looking at is actually bumping suser and duser into db. I see some errors when trying to insert suser and duser data into mysql; however, I will report once I have confirmed it.
>
> Thanks for quick response, cheers ;)
>
>
> On Fri, Jun 1, 2012 at 10:32 PM, Carter Bullard <carter at qosient.com> wrote:
> Hey CS Lee,
> So, I just tested the 3.0.6.1 patch, and it does seem to break the AS labeling,
> so back up to argus-clients-3.0.6 until I can figure out what I did.
>
> Carter
>
> On Jun 1, 2012, at 2:02 AM, CS Lee wrote:
>
>> hi Carter,
>>
>> Have you updated ralabel? It doesn't seem to work on version 3.0.6.1. When I run
>>
>> /usr/local/stow/argusc-3.0.6.1/bin/ralabel -f /nsmon/etc/ralabel.conf -S 10.10.10.1:561 -w - | ra -n -s stime proto saddr sport dir daddr dport state sco dco sas das
>> 12:28:55.523218 udp 1.2.3.4.64507 <-> 15.15.15.15.53 CON
>> 12:28:55.597702 udp 1.2.3.4.32771 <- 2.3.4.5.53 RSP
>> 12:28:55.647515 udp 1.2.3.4.60581 <-> 15.15.15.15.53 CON
>>
>> You can see nothing shows up. If I use 3.0.5.34, it seems to be working. My ralabel.conf has these few lines enabled:
>>
>> RALABEL_ARIN_COUNTRY_CODES=yes
>> RA_DELEGATED_IP="/nsmon/file/delegated-ipv4-latest"
>> RALABEL_GEOIP_ASN=yes
>> RALABEL_GEOIP_ASN_FILE="/nsmon/file/GeoIPASNum.dat"
>>
>> Cheers!
>>
>> --
>> Best Regards,
>>
>> CS Lee<geek00L[at]gmail.com>
>>
>> http://geek00l.blogspot.com
>> http://defcraft.net
>
>
>
>
> --
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>
>
> http://geek00l.blogspot.com
> http://defcraft.net
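The escaping question raised in the top message of this thread, shown as an added example (not code from argus-clients or from either poster): a C helper that backslash-escapes a captured user buffer before it is placed inside a quoted MySQL string literal. The function name `escape_user_buffer` and the sample payload are hypothetical, and the character set covered is the one `mysql_real_escape_string()` is documented to escape, assuming a single-byte connection character set and that `NO_BACKSLASH_ESCAPES` is not set.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not part of argus-clients.
 * Escapes len raw bytes from src into dst for use inside a quoted MySQL
 * string literal: NUL, \n, \r, backslash, ', " and Ctrl-Z (0x1A).
 * Assumes a single-byte connection charset and default sql_mode.
 * Returns the escaped length, or (size_t)-1 if dst cannot hold the
 * worst case of 2*len + 1 bytes. */
size_t escape_user_buffer(char *dst, size_t dstlen,
                          const unsigned char *src, size_t len)
{
    size_t o = 0;

    if (dstlen == 0 || len > (dstlen - 1) / 2)   /* overflow-safe bound */
        return (size_t)-1;

    for (size_t i = 0; i < len; i++) {
        char esc = 0;
        switch (src[i]) {
        case 0x00: esc = '0';  break;   /* NUL would truncate a C string */
        case '\n': esc = 'n';  break;
        case '\r': esc = 'r';  break;
        case '\\': esc = '\\'; break;
        case '\'': esc = '\''; break;   /* would close a '...' literal */
        case '"':  esc = '"';  break;   /* would close a "..." literal */
        case 0x1A: esc = 'Z';  break;   /* Ctrl-Z */
        }
        if (esc) {
            dst[o++] = '\\';
            dst[o++] = esc;
        } else {
            dst[o++] = (char)src[i];
        }
    }
    dst[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample payload containing quotes, a NUL and CRLF */
    const unsigned char payload[] =
        { 'G','E','T',' ','"','a','\'','b','"','\0','\r','\n' };
    char out[2 * sizeof(payload) + 1];
    size_t n = escape_user_buffer(out, sizeof(out), payload, sizeof(payload));
    printf("%zu bytes: %s\n", n, out);
    return 0;
}
```

Where the MySQL client library is linked in, `mysql_real_escape_string()` or a prepared statement with bound parameters handles this with the connection's character set taken into account.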