rasqlinsert daily database tables

Ricardo Dias ricardo.dias at live.com
Wed Dec 4 09:41:08 EST 2013 

Hi Carter,

Thanks for your feedback.

I've attempted to run rasqlinsert v3.0.7.18 but quitted immediately with segfault. I kept downgrading until v3.0.7.5 where it started successfully. I will leave it running until tomorrow and see if the next day table is created.

Thanks,
Ricardo

CC: argus-info at lists.andrew.cmu.edu
From: carter at qosient.com
Subject: Re: [ARGUS] rasqlinsert daily database tables
Date: Wed, 4 Dec 2013 07:08:32 -0500
To: ricardo.dias at live.com

Hey Ricardo,Grab a copy of the developers clients version 3.0.7.18 where a lot of bugs have been fixed.   http://qosient.com/argus/dev/argus-clients-latest.tar.gz.
This version will become 3.0.8, hopefully soon.When there are " % "s in the table name, the record contents become the source of time for generating the destination table name.
All looks like it should work.  If you have problems with 3.0.7.18 send email !!!!
Carter

Sent from my iPad
On Dec 4, 2013, at 6:15 AM, Ricardo Dias <ricardo.dias at live.com> wrote:




Hello argus members.

I have been using argus for the last months and its been a really good experience.

In the past few weeks I've started to user rasqlinsert to store data in the mysql database with daily tables, I've created a service to start rasqlinsert upon boot, after argus, with the following statement:

"rasqlinsert -d -S localhost -m none -M time 1d -w mysql://root@localhost/argus/argus_%Y_%m_%d -s stime saddr sport daddr dport proto pkts"

When the service starts with creates the table just fine, but in the following days it doesn't create the respective tables and keeps storing all data in the same table when the service started. My first guess is that the date variables are static and the creation of new tables doesn't rely on the flow date time. But when I read the rasqlinser man it states otherwise: "rasqlinsert will generate table names based on time and insert its data relative to the timestamps found in the flow records it processes."

If I restart the rasqlinsert service the correct table for the day is created.

Can anyone give me a lead why this is happening?

By the way I'm using version argus 3.0.6.1 and rasqlinsert 3.0.6.2.

Thanks in advance!
Ricardo
 		 	   		  
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20131204/16ad293c/attachment.html>

More information about the argus mailing list