rasqlinsert -s -record doesn't seem to work
Carter Bullard
carter at qosient.com
Wed Oct 24 09:35:16 EDT 2012
Hey Paul,
We've had this fix in rasqlinsert for quite sometime. Starting on line 8410 of rasqlinsert():
if ((MySQLVersionMajor > 4) || ((MySQLVersionMajor == 4) &&
(MySQLVersionMinor >= 1)))
sprintf (&sbuf[strlen(sbuf)], ") ENGINE=%s", ArgusParser->MySQLDBEngine);
else
sprintf (&sbuf[strlen(sbuf)], ") TYPE=%s", ArgusParser->MySQLDBEngine);
Does your code not have this code ? What version of software are you using?
Carter
On Oct 23, 2012, at 11:14 PM, Paul Schmehl <pschmehl_lists at tx.rr.com> wrote:
> I patched argus tonight, and it's now creating the db and entering the records as I desired.
>
> I'm attaching the patches.
>
> TYPE=MyISAM was deprecated in mysql 5.0 but still supported. Since 5.1 TYPE=MyISAM is no longer supported, and you must use ENGINE=MyISAM.
>
> This is the command I'm using now:
>
> rasqlinsert -Z b -M cache -m none -F rasqlinsert.conf -R /path/to/argus/files/2012-10-02/ -w mysql://user:pass@buttercup4.utdallas.edu/dbname/
> tblname_2012_10_02 -M time 1d -s -record
>
> Here's a view of the tables:
> mysql> select * from tblname_2012_10_02 limit 10;
> +-----------+-------------------+----------------+-------+---------------+-------+------+-------+-------+-------+
> | seq | stime | saddr | sport | daddr | dport | pkts | bytes | state | proto |
> +-----------+-------------------+----------------+-------+---------------+-------+------+-------+-------+-------+
> | 105807958 | 1349121595.971430 | 10.174.37.162 | 63460 | 68.71.220.62 | 443 | 2 | 120 | A_A | tcp |
> | 105807959 | 1349121595.971592 | 10.21.16.47 | 53600 | 64.208.241.65 | 80 | 75 | 68566 | PA_PA | tcp |
> | 105807960 | 1349121595.971961 | 129.110.31.40 | 39605 | 217.70.185.0 | 53 | 1 | 87 | INT | udp |
> | 105807961 | 1349121595.972484 | 74.125.225.134 | 80 | 10.21.1.146 | 61692 | 1 | 60 | _RA | tcp |
> | 105807962 | 1349121595.973084 | 10.21.16.178 | 53433 | 74.125.225.99 | 80 | 5 | 2519 | PA_PA | tcp |
> | 105807963 | 1349121595.974383 | 10.190.104.195 | 59254 | 66.94.240.25 | 80 | 2 | 120 | A_FA | tcp |
> | 105807964 | 1349121595.974762 | 10.190.101.245 | 62995 | 75.102.13.140 | 80 | 89 | 48592 | A_PA | tcp |
> | 105807965 | 1349121595.974790 | 10.110.143.140 | 54014 | 64.4.44.48 | 1863 | 3 | 182 | PA_PA | tcp |
> | 105807966 | 1349121595.974874 | 10.21.21.50 | 15326 | 121.9.201.100 | 17788 | 2 | 241 | INT | udp |
> | 105807967 | 1349121595.975586 | 10.170.40.197 | 49993 | 70.20.201.40 | 18879 | 8 | 668 | A_PA | tcp |
> +-----------+--------------
>
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> *******************************************
> "It is as useless to argue with those who have
> renounced the use of reason as to administer
> medication to the dead." Thomas Jefferson
> "There are some ideas so wrong that only a very
> intelligent person could believe in them." George Orwell
> <patch-include-argus__event.h><patch-ramysql-rasql.c><patch-ramysql-rasqlinsert.c><patch-ramysql-rasqltimeindex.h>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2589 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20121024/3195d1f5/attachment.bin>
More information about the argus
mailing list