rasqlinsert issue

CS Lee geek00l at gmail.com
Mon Jun 11 11:40:22 EDT 2012 

hi guys,

Has anyone used radium with label file and having problem when using
rasqlinsert to log to database?

Currently in my setup, if I don't enable this in radium.conf

RADIUM_CLASSIFIER_FILE="/nsmon/etc/ralabel.conf"

In ralabel.conf
RALABEL_ARIN_COUNTRY_CODES=yes
RA_DELEGATED_IP="/nsmon/junk/delegated-ipv4-latest"
RALABEL_GEOIP_ASN=yes
RALABEL_GEOIP_ASN_FILE="/nsmon/junk/GeoIPASNum.dat"

Everything is running fine, however if I enable them then rasqlinsert keeps
exiting, so I run gdb as shown below -

gdb /usr/local/stow/argusc-3.0.7.1-update/bin/rasqlinsert
GNU gdb (Ubuntu/Linaro 7.3-0ubuntu2) 7.3-2011.08
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html
>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from
/usr/local/stow/argusc-3.0.7.1-update/bin/rasqlinsert...done.
(gdb) l ArgusMergeRecord
Function "ArgusMergeRecord" not defined.
(gdb) l ArgusMergeRecords
7352    }
7353
7354
7355    void
7356    ArgusMergeRecords (struct ArgusAggregatorStruct *na, struct
ArgusRecordStruct *ns1, struct ArgusRecordStruct *ns2)
7357    {
7358       struct ArgusAgrStruct *agr = NULL;
7359       double seconds;
7360       int i;
7361
(gdb) b 7356
Breakpoint 1 at 0x494389: file ./argus_client.c, line 7356.
(gdb) run -D 3 -Z b -n -S 127.0.0.1:562 -w
mysql://root@localhost/argusdb/tbl_argus
-M cache -s stime ltime dur srcid flgs proto saddr sport dir daddr dport
pkts bytes appbytes state spkts dpkts sbytes dbytes sappbytes dappbytes
smaxsz dmaxsz sminsz dminsz smac dmac sco dco sas das - tcp
Starting program: /usr/local/stow/argusc-3.0.7.1-update/bin/rasqlinsert -D
3 -Z b -n -S 127.0.0.1:562 -w mysql://root@localhost/argusdb/tbl_argus -M
cache -s stime ltime dur srcid flgs proto saddr sport dir daddr dport pkts
bytes appbytes state spkts dpkts sbytes dbytes sappbytes dappbytes smaxsz
dmaxsz sminsz dminsz smac dmac sco dco sas das - tcp
[Thread debugging using libthread_db enabled]
rasqlinsert[19021.2087fef7ff7f0000]: 21:44:31.913931 ArgusAddHostList
(0xf7ea4010, 127.0.0.1:562, 1, 6) returning 1
rasqlinsert[19024.2087fef7ff7f0000]: 21:44:31.914602 Argusfinish_parse
(0xb9e6c0)
rasqlinsert[19021.2087fef7ff7f0000]: 21:44:31.915390 ArgusFilterCompile ()
done 0
rasqlinsert[19021.2087fef7ff7f0000]: 21:44:31.915945
RaTopNewProcess(0xf7ea4010) returns 0xbb1270
[New Thread 0x7ffff5a4b700 (LWP 19025)]
[Thread 0x7ffff5a4b700 (LWP 19025) exited]
rasqlinsert[19021.2087fef7ff7f0000]: 21:44:31.932558
ArgusCreateSQLSaveTable (tbl_argus) returning
rasqlinsert[19021.2087fef7ff7f0000]: 21:44:31.932657 RaMySQLInit ()
RaSource (null) RaArchive (null) RaFormat (null)
rasqlinsert[19021.2087fef7ff7f0000]: 21:44:31.933495 ArgusInitAddrtoname
(0xf7ea4010, 0x0, 0x0)
rasqlinsert[19021.2087fef7ff7f0000]: 21:44:31.933547
ArgusParseInit(0xf7ea4010, NULL)
rasqlinsert[19021.2087fef7ff7f0000]: 21:44:31.933580 main: reading files
completed
rasqlinsert[19021.2087fef7ff7f0000]: 21:44:31.933628 Trying 127.0.0.1 port
562 Expecting Argus records
rasqlinsert[19021.2087fef7ff7f0000]: 21:44:31.933705 connected
rasqlinsert[19021.2087fef7ff7f0000]: 21:44:31.933731 ArgusGetServerSocket
(0x7ffff7e42010) returning 8
rasqlinsert[19021.2087fef7ff7f0000]: 21:44:31.988647 ArgusReadConnection()
read 16 bytes
rasqlinsert[19021.2087fef7ff7f0000]: 21:44:31.988746
ArgusParseInit(0xf7ea4010 0xf7e42010
rasqlinsert[19021.2087fef7ff7f0000]: 21:44:31.988781
ArgusWriteConnection(0xf7e42010, 0xfffbe100, 20) returning 20
rasqlinsert[19021.2087fef7ff7f0000]: 21:44:32.130161
ArgusWriteConnection(0xf7e42010, 0xfffbe100, 7) returning 7
rasqlinsert[19021.2087fef7ff7f0000]: 21:44:32.130207
ArgusReadConnection(0xf7e42010, 2) returning 1
rasqlinsert[19021.2087fef7ff7f0000]: 21:44:32.130255
ArgusReadStream(0x7ffff7ea4010) starting
rasqlinsert[19021.2087fef7ff7f0000]: 21:44:32.134189 ArgusProcessThisRecord
() sql query SELECT record FROM tbl_argus WHERE srcid="10.10.10.10" and
proto="tcp" and saddr="192.168.5.10" and sport="48073" and
daddr="192.168.5.20" and dport="4307"

Breakpoint 1, ArgusMergeRecords (na=0xbb0d80, ns1=0xbd43c0, ns2=0xbd4920)
at ./argus_client.c:7357
7357    {
(gdb) where
#0  ArgusMergeRecords (na=0xbb0d80, ns1=0xbd43c0, ns2=0xbd4920) at
./argus_client.c:7357
#1  0x0000000000415af5 in RaProcessThisRecord (parser=0x7ffff7ea4010,
ns=0x7ffff7e42620) at ./rasqlinsert.c:5467
#2  0x0000000000414574 in RaProcessRecord (parser=0x7ffff7ea4010,
ns=0x7ffff7e42620) at ./rasqlinsert.c:5119
#3  0x000000000043985a in RaScheduleRecord (parser=0x7ffff7ea4010,
argus=0x7ffff7e42620) at ./argus_util.c:2346
#4  0x0000000000439f2f in ArgusHandleDatum (parser=0x7ffff7ea4010,
input=0x7ffff7e42010, ptr=0x7ffff421b010, filter=0x7ffff7fc5708) at
./argus_util.c:2457
#5  0x00000000004819f9 in ArgusReadStreamSocket (parser=0x7ffff7ea4010,
input=0x7ffff7e42010) at ./argus_client.c:426
#6  0x00000000004825a9 in ArgusReadStream (parser=0x7ffff7ea4010,
queue=0xb9d1e0) at ./argus_client.c:875
#7  0x00000000004218c9 in main (argc=46, argv=0x7fffffffe468) at
./argus_main.c:360
(gdb) up
#1  0x0000000000415af5 in RaProcessThisRecord (parser=0x7ffff7ea4010,
ns=0x7ffff7e42620) at ./rasqlinsert.c:5467
5467                      ArgusMergeRecords (ArgusParser->ArgusAggregator,
pns, tns);
(gdb) l
5462
5463                   pns->bins->status |= RA_DIRTYBINS;
5464
5465                } else {
5466                   if (parser->RaCumulativeMerge)
5467                      ArgusMergeRecords (ArgusParser->ArgusAggregator,
pns, tns);
5468                   else {
5469                      int i;
5470                      for (i = 0; i < ARGUSMAXDSRTYPE; i++) {
5471                         if (tns->dsrs[i] != NULL) {
(gdb) l
5472                            if (pns->dsrs[i] != NULL)
5473                               ArgusFree(pns->dsrs[i]);
5474                            pns->dsrs[i] = tns->dsrs[i];
5475                            tns->dsrs[i] = NULL;
5476                         }
5477                      }
5478                   }
5479
5480                   ArgusDeleteRecordStruct(ArgusParser, tns);
5481                   pns->status |= ARGUS_RECORD_MODIFIED;
(gdb) b 5466
Breakpoint 2 at 0x415abd: file ./rasqlinsert.c, line 5466.
(gdb) c
Continuing.
rasqlinsert[19021.2087fef7ff7f0000]: 21:54:51.999805 ArgusProcessThisRecord
() sql query SELECT record FROM tbl_argus WHERE srcid="10.10.10.10" and
proto="tcp" and saddr="192.168.50.10" and sport="63073" and
daddr="192.168.50.20" and dport="443"

Breakpoint 2, RaProcessThisRecord (parser=0x7ffff7ea4010,
ns=0x7ffff7e42620) at ./rasqlinsert.c:5466
5466                   if (parser->RaCumulativeMerge)
(gdb) n
5467                      ArgusMergeRecords (ArgusParser->ArgusAggregator,
pns, tns);

Carter, do let me know if I'm running gdb correctly so I can provide more
useful debugging output.

-- 
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
http://defcraft.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20120611/c1c9ad32/attachment.html>

More information about the argus mailing list