Database design concerns

Carter Bullard carter at qosient.com
Fri Oct 26 00:21:58 EDT 2012


Hey Paul,
All the rasql* tools know how to cross day boundaries to find data, so it works well for ra*.
But, that doesn't mean that there aren't better ways of doing things.

No reason, ..., nobody has asked for column indexing with rasql* programs.  Probably
because it does slow down record insertion.  You have decided to not insert the binary
argus record into the database, so you don't need any of the rasql* tools to do your
database operations.  

What kind of queries are you doing ?

Carter

On Oct 26, 2012, at 12:05 AM, Paul Schmehl <pschmehl_lists at tx.rr.com> wrote:

> Carter, after patching the old version of argus, the creation of tables is working.
> 
> I ran a day's worth of data and ended up with over 120 million rows. Creating a differently named table each day complicates queries that cross day boundaries, so I'd like to avoid that, if possible.
> 
> I'm thinking about creating a monthly table and then using daily partitions to keep query times fast.  After indexing stime, saddr and daddr, most of my queries complete in less than a second.
> 
> Is there a reason you don't index any of the columns?
> 
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> *******************************************
> "It is as useless to argue with those who have
> renounced the use of reason as to administer
> medication to the dead." Thomas Jefferson
> "There are some ideas so wrong that only a very
> intelligent person could believe in them." George Orwell
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2589 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20121026/a2a65473/attachment.bin>


More information about the argus mailing list