rasqlinsert -s -record doesn't seem to work

Paul Schmehl pschmehl_lists at tx.rr.com
Tue Oct 23 23:14:11 EDT 2012


I patched argus tonight, and it's now creating the db and entering the 
records as I desired.

I'm attaching the patches.

TYPE=MyISAM was deprecated in MySQL 5.0 but was still supported.  Since 5.1,
TYPE=MyISAM is no longer supported, and you must use ENGINE=MyISAM.

This is the command I'm using now:

rasqlinsert -Z b -M cache -m none -F rasqlinsert.conf -R 
/path/to/argus/files/2012-10-02/ -w 
mysql://user:pass@buttercup4.utdallas.edu/dbname/
tblname_2012_10_02 -M time 1d -s -record

Here's a view of the tables:
mysql> select * from tblname_2012_10_02 limit 10;
+-----------+-------------------+----------------+-------+---------------+-------+------+-------+-------+-------+
| seq       | stime             | saddr          | sport | daddr         | 
dport | pkts | bytes | state | proto |
+-----------+-------------------+----------------+-------+---------------+-------+------+-------+-------+-------+
| 105807958 | 1349121595.971430 | 10.174.37.162  | 63460 | 68.71.220.62  | 
443   |    2 |   120 | A_A   | tcp   |
| 105807959 | 1349121595.971592 | 10.21.16.47    | 53600 | 64.208.241.65 | 
80    |   75 | 68566 | PA_PA | tcp   |
| 105807960 | 1349121595.971961 | 129.110.31.40  | 39605 | 217.70.185.0  | 
53    |    1 |    87 | INT   | udp   |
| 105807961 | 1349121595.972484 | 74.125.225.134 | 80    | 10.21.1.146   | 
61692 |    1 |    60 | _RA   | tcp   |
| 105807962 | 1349121595.973084 | 10.21.16.178   | 53433 | 74.125.225.99 | 
80    |    5 |  2519 | PA_PA | tcp   |
| 105807963 | 1349121595.974383 | 10.190.104.195 | 59254 | 66.94.240.25  | 
80    |    2 |   120 | A_FA  | tcp   |
| 105807964 | 1349121595.974762 | 10.190.101.245 | 62995 | 75.102.13.140 | 
80    |   89 | 48592 | A_PA  | tcp   |
| 105807965 | 1349121595.974790 | 10.110.143.140 | 54014 | 64.4.44.48    | 
1863  |    3 |   182 | PA_PA | tcp   |
| 105807966 | 1349121595.974874 | 10.21.21.50    | 15326 | 121.9.201.100 | 
17788 |    2 |   241 | INT   | udp   |
| 105807967 | 1349121595.975586 | 10.170.40.197  | 49993 | 70.20.201.40  | 
18879 |    8 |   668 | A_PA  | tcp   |
+-----------+--------------

Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very
intelligent person could believe in them." George Orwell
-------------- next part --------------
--- include/argus_event.h.orig	2012-10-24 01:52:34.000000000 +0000
+++ include/argus_event.h	2012-10-24 01:53:32.000000000 +0000
@@ -203,9 +203,9 @@
 */
 
 char *ArgusEventTableCreationString[RA_MAXTABLES * 2] = {
-   "CREATE TABLE %s (id int not null auto_increment, aisid varchar(255) not null, uid int(11) not null, project int(11) not null, start datetime, end datetime, type int(8), cause int(8), facility int(11), severity int(8), access timestamp(14), timestamp datetime not null, hostname varchar(255), sender varchar(255), instance varchar(255), version int(2) not null, message text, metadata text, status int (4), record blob, primary key (id)) TYPE=MyISAM",
+   "CREATE TABLE %s (id int not null auto_increment, aisid varchar(255) not null, uid int(11) not null, project int(11) not null, start datetime, end datetime, type int(8), cause int(8), facility int(11), severity int(8), access timestamp(14), timestamp datetime not null, hostname varchar(255), sender varchar(255), instance varchar(255), version int(2) not null, message text, metadata text, status int (4), record blob, primary key (id)) ENGINE=MyISAM",
 
-   "CREATE TABLE %s (id int not null auto_increment, %s , aisid varchar(255) not null, uid int(11) not null, project int(11) not null, start datetime, end datetime, type int(8), cause int(8), facility int(11), severity int(8), access timestamp(14), timestamp datetime not null, hostname varchar(255), sender varchar(255), instance varchar(255), version int(2) not null, message text, metadata text, status int (4), record blob, primary key (id)) TYPE=MyISAM",
+   "CREATE TABLE %s (id int not null auto_increment, %s , aisid varchar(255) not null, uid int(11) not null, project int(11) not null, start datetime, end datetime, type int(8), cause int(8), facility int(11), severity int(8), access timestamp(14), timestamp datetime not null, hostname varchar(255), sender varchar(255), instance varchar(255), version int(2) not null, message text, metadata text, status int (4), record blob, primary key (id)) ENGINE=MyISAM",
 };
 
 
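Review bot: Both rewritten statements still declare `access timestamp(14)`, so the engine keyword is not the only legacy syntax left in these strings. As far as I know, later MySQL releases dropped the TIMESTAMP display width and read the number as a fractional-seconds precision capped at 6, which would make the CREATE TABLE fail again. Consider writing the column as `access timestamp` in both entries, and doing the same for the `access`, `created`, `start` and `stop` columns of the Probes statement in ramysql/rasqltimeindex.h, then testing against the target server version. Separately, the `%s` placeholders are filled in outside this hunk; a table name cannot be bound as a query parameter, so the code that formats these strings should restrict the name to a fixed identifier character set.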
-------------- next part --------------
--- ramysql/rasql.c.orig	2012-10-24 01:55:19.000000000 +0000
+++ ramysql/rasql.c	2012-10-24 01:55:56.000000000 +0000
@@ -1840,7 +1840,7 @@
       if (ArgusSOptionRecord)
          sprintf (&sbuf[strlen(sbuf)], ", record blob");
 
-      sprintf (&sbuf[strlen(sbuf)], ") TYPE=MyISAM");
+      sprintf (&sbuf[strlen(sbuf)], ") ENGINE=MyISAM");
       RaTableCreateString[cindex] = strdup(sbuf);
 
       cindex++;
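Review bot: The rewritten append `sprintf (&sbuf[strlen(sbuf)], ") ENGINE=MyISAM");` is still unbounded, and the new suffix is two bytes longer than the one it replaces, so whatever headroom `sbuf` had shrinks. The declaration of `sbuf` and the code that builds the column list are outside the hunk, so whether it can overflow cannot be confirmed from here. If `sbuf` is an array in scope, a bounded form would be `size_t used = strlen(sbuf);` followed by `snprintf (sbuf + used, sizeof(sbuf) - used, ") ENGINE=MyISAM");`, with truncation treated as an error. The result of `strdup(sbuf)` is also stored in `RaTableCreateString[cindex]` without a NULL check. The identical lines in the ramysql/rasqlinsert.c hunk at -8316 have the same issues.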
-------------- next part --------------
--- ramysql/rasqlinsert.c.orig	2012-10-24 01:57:27.000000000 +0000
+++ ramysql/rasqlinsert.c	2012-10-24 01:57:49.000000000 +0000
@@ -8316,7 +8316,7 @@
       if (ArgusSOptionRecord)
          sprintf (&sbuf[strlen(sbuf)], ", record blob");
 
-      sprintf (&sbuf[strlen(sbuf)], ") TYPE=MyISAM");
+      sprintf (&sbuf[strlen(sbuf)], ") ENGINE=MyISAM");
       RaTableCreateString[cindex] = strdup(sbuf);
 
       cindex++;
-------------- next part --------------
--- ramysql/rasqltimeindex.h.orig	2012-10-24 02:38:32.000000000 +0000
+++ ramysql/rasqltimeindex.h	2012-10-24 02:39:37.000000000 +0000
@@ -126,9 +126,9 @@
 };
  
 char *RaTableCreationString[RA_NUMTABLES] = {
-   "CREATE TABLE Filename (id int not null auto_increment, filename varchar(255) not null, size int unsigned, creation int unsigned , hmac varchar(64), start int unsigned, stop int unsigned, indexed int unsigned, primary key (id)) TYPE=MyISAM",
-   "CREATE TABLE Seconds (probe int unsigned not null, second int unsigned not null, fileindex int not null, ostart int unsigned not null, ostop int unsigned not null, KEY secondprobeKey(second, probe)) TYPE=MyISAM",
-   "CREATE TABLE Probes (id int not null auto_increment, name varchar(32) not null, url varchar(255) not null, type varchar(255), filter varchar(255), authname varchar(255), authpass varchar(255), description varchar(255), access timestamp(14), created timestamp(14), start timestamp(14), stop timestamp(14), status int unsigned, primary key (id)) TYPE=MyISAM",
+   "CREATE TABLE Filename (id int not null auto_increment, filename varchar(255) not null, size int unsigned, creation int unsigned , hmac varchar(64), start int unsigned, stop int unsigned, indexed int unsigned, primary key (id)) ENGINE=MyISAM",
+   "CREATE TABLE Seconds (probe int unsigned not null, second int unsigned not null, fileindex int not null, ostart int unsigned not null, ostop int unsigned not null, KEY secondprobeKey(second, probe)) ENGINE=MyISAM",
+   "CREATE TABLE Probes (id int not null auto_increment, name varchar(32) not null, url varchar(255) not null, type varchar(255), filter varchar(255), authname varchar(255), authpass varchar(255), description varchar(255), access timestamp(14), created timestamp(14), start timestamp(14), stop timestamp(14), status int unsigned, primary key (id)) ENGINE=MyISAM",
 };
 
 #define RA_MAXSQLQUERY		8
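Review bot: The Probes statement keeps `authname varchar(255), authpass varchar(255)`, which suggests that probe credentials are stored in clear text in this table. Whether the column is ever populated is not visible in the hunk. If it is, anyone with SELECT on the database or read access to the MyISAM data files can recover the credential. A comment above the array would at least document the exposure, for example `/* Probes.authpass holds a probe credential: limit SELECT on this table to the argus account */`. The `timestamp(14)` columns in the same statement have the compatibility problem described for include/argus_event.h.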

