rasqlinsert daily database tables
Ricardo Dias
ricardo.dias at live.com
Wed Dec 4 06:15:05 EST 2013
Hello argus members.
I have been using argus for the last months and its been a really good experience.
In the past few weeks I've started to user rasqlinsert to store data in the mysql database with daily tables, I've created a service to start rasqlinsert upon boot, after argus, with the following statement:
"rasqlinsert -d -S localhost -m none -M time 1d -w mysql://root@localhost/argus/argus_%Y_%m_%d -s stime saddr sport daddr dport proto pkts"
When the service starts with creates the table just fine, but in the following days it doesn't create the respective tables and keeps storing all data in the same table when the service started. My first guess is that the date variables are static and the creation of new tables doesn't rely on the flow date time. But when I read the rasqlinser man it states otherwise: "rasqlinsert will generate table names based on time and insert its data relative to the timestamps found in the flow records it processes."
If I restart the rasqlinsert service the correct table for the day is created.
Can anyone give me a lead why this is happening?
By the way I'm using version argus 3.0.6.1 and rasqlinsert 3.0.6.2.
Thanks in advance!
Ricardo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20131204/47c32227/attachment.html>
More information about the argus
mailing list