ralabel

Fri Jun 1 11:12:48 EDT 2012

hi Carter,

Let me test now and show you the error when it shows up.

On Fri, Jun 1, 2012 at 10:53 PM, Carter Bullard <carter at qosient.com> wrote:

> Hey CS Lee,
> I'm sure that we don't escape some the ascii sequences that could be in
> the user buffers that mysql doesn't like,
> like  '  " ' which may terminate the string.  If you confirm this, I'll
> try to fix it quickly, but I'm not sure of
> the complete list of chars that mysql would want escaped.
>
> Carter
>
> On Jun 1, 2012, at 10:48 AM, CS Lee wrote:
>
> hi Carter,
>
> I made the test, as I have multiple version of argus in my box for testing
> I forgot the specify the path for the argus client version I want, so
> basically the data insert into database for saddr and daddr are correct in
> 3.0.6.1, the issue is the ralabel part in argus 3.0.6.1.
>
> Another issue I'm now looking at is actually bumping suser and duser into
> db, i see some errors when trying to insert suser and duser data into
> mysql, however I will report once i have confirmed about it.
>
> Thanks for quick response, cheers ;)
>
>
> On Fri, Jun 1, 2012 at 10:32 PM, Carter Bullard <carter at qosient.com>wrote:
>
>> Hey CS Lee,
>> So, I just tested the 3.0.6.1 patch, and it does seem to break the AS
>> labeling,
>> so back up to argus-clients-3.0.6 until I can figure out what I did.
>>
>> Carter
>>
>> On Jun 1, 2012, at 2:02 AM, CS Lee wrote:
>>
>> hi Carter,
>>
>> Has you updated ralabel, it doesn't seem to work on version 3.0.6.1, when
>> I run
>>
>> /usr/local/stow/argusc-3.0.6.1/bin/ralabel -f /nsmon/etc/ralabel.conf -S
>> 10.10.10.1:561 -w - | ra -n -s stime proto saddr sport dir daddr dport
>> state sco dco sas das
>>    12:28:55.523218    udp      1.2.3.4.64507    <->       15.15.15.15.53
>>       CON
>>    12:28:55.597702    udp      1.2.3.4.32771    <-       2.3.4.5.53
>> RSP
>>    12:28:55.647515    udp      1.2.3.4.60581    <->       15.15.15.15.53
>>       CON
>>
>> You can see nothing shows up, if I use 3.0.5.34, it seems to be working.
>> My ralabel.conf has these few lines enabled
>>
>> RALABEL_ARIN_COUNTRY_CODES=yes
>> RA_DELEGATED_IP="/nsmon/file/delegated-ipv4-latest"
>> RALABEL_GEOIP_ASN=yes
>> RALABEL_GEOIP_ASN_FILE="/nsmon/file/GeoIPASNum.dat"
>>
>> Cheers!
>>
>> --
>> Best Regards,
>>
>> CS Lee<geek00L[at]gmail.com>
>>
>> http://geek00l.blogspot.com
>> http://defcraft.net
>>
>>
>>
>
>
> --
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>
>
> http://geek00l.blogspot.com
> http://defcraft.net
>
>
>

-- 
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
http://defcraft.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20120601/a5e67ee2/attachment.html>