rasqlinsert daily database tables

Carter Bullard carter at qosient.com
Wed Dec 4 10:27:10 EST 2013 

Hmmmm, the segfaults are not good !!!!
One way to test is to use really short time periods, and see if the tables do the right thing.
Like  “ -M time 5 min”.  That way you don’t have to wait to see the results.

If there is a chance you can help us fix your segfaults, if you could do these steps below,
and send the results, that would great !!!

In the root directory:

   % touch .devel
   % ./configure
   % make clean
   % make

Run it without the -d option, under gdb if its available:

   % gdb bin/rasqlinsert
   (gdb) run -S localhost -m none -M time 1d -w mysql://root@localhost/argus/argus_%Y_%m_%d -s stime saddr sport daddr dport proto pkts

and when it dies, type “ where “

     (gdb) where

Thanks !!!!!

Carter


On Dec 4, 2013, at 9:41 AM, Ricardo Dias <ricardo.dias at live.com> wrote:

> Hi Carter,
> 
> Thanks for your feedback.
> 
> I've attempted to run rasqlinsert v3.0.7.18 but quitted immediately with segfault. I kept downgrading until v3.0.7.5 where it started successfully. I will leave it running until tomorrow and see if the next day table is created.
> 
> Thanks,
> Ricardo
> 
> CC: argus-info at lists.andrew.cmu.edu
> From: carter at qosient.com
> Subject: Re: [ARGUS] rasqlinsert daily database tables
> Date: Wed, 4 Dec 2013 07:08:32 -0500
> To: ricardo.dias at live.com
> 
> Hey Ricardo,
> Grab a copy of the developers clients version 3.0.7.18 where a lot of bugs have been fixed.
>    http://qosient.com/argus/dev/argus-clients-latest.tar.gz.
> 
> This version will become 3.0.8, hopefully soon.
> When there are " % "s in the table name, the record contents become the source of time for generating the destination table name.
> 
> All looks like it should work.  If you have problems with 3.0.7.18 send email !!!!
> 
> Carter
> 
> Sent from my iPad
> 
> On Dec 4, 2013, at 6:15 AM, Ricardo Dias <ricardo.dias at live.com> wrote:
> 
> Hello argus members.
> 
> I have been using argus for the last months and its been a really good experience.
> 
> In the past few weeks I've started to user rasqlinsert to store data in the mysql database with daily tables, I've created a service to start rasqlinsert upon boot, after argus, with the following statement:
> 
> "rasqlinsert -d -S localhost -m none -M time 1d -w mysql://root@localhost/argus/argus_%Y_%m_%d -s stime saddr sport daddr dport proto pkts"
> 
> When the service starts with creates the table just fine, but in the following days it doesn't create the respective tables and keeps storing all data in the same table when the service started. My first guess is that the date variables are static and the creation of new tables doesn't rely on the flow date time. But when I read the rasqlinser man it states otherwise: "rasqlinsert will generate table names based on time and insert its data relative to the timestamps found in the flow records it processes."
> 
> If I restart the rasqlinsert service the correct table for the day is created.
> 
> Can anyone give me a lead why this is happening?
> 
> By the way I'm using version argus 3.0.6.1 and rasqlinsert 3.0.6.2.
> 
> Thanks in advance!
> Ricardo

Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York  10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20131204/a150b216/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6837 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20131204/a150b216/attachment.bin>

More information about the argus mailing list