rasqlinsert daily database tables

David Edelman dedelman at iname.com
Wed Dec 4 14:39:04 EST 2013 

Ricardo,

If you are working in a 64-bit environment and you have recently updated any
of the MySQL related libraries you might want to look at which dynamic
libraries you are linking with rasqlinsert()  use the command ldd
/the/full/path/and/filename/for/rasqlinsert and send the output to this
mailing list.

--Dave
 
From:  Ricardo Dias <ricardo.dias at live.com>
Date:  Wednesday, December 4, 2013 2:41 PM
To:  Carter Bullard <carter at qosient.com>
Cc:  Argus <argus-info at lists.andrew.cmu.edu>
Subject:  Re: [ARGUS] rasqlinsert daily database tables

Hi Carter,

Thanks for your feedback.

I've attempted to run rasqlinsert v3.0.7.18 but quitted immediately with
segfault. I kept downgrading until v3.0.7.5 where it started successfully. I
will leave it running until tomorrow and see if the next day table is
created.

Thanks,
Ricardo


CC: argus-info at lists.andrew.cmu.edu
From: carter at qosient.com
Subject: Re: [ARGUS] rasqlinsert daily database tables
Date: Wed, 4 Dec 2013 07:08:32 -0500
To: ricardo.dias at live.com

Hey Ricardo,
Grab a copy of the developers clients version 3.0.7.18 where a lot of bugs
have been fixed.
   http://qosient.com/argus/dev/argus-clients-latest.tar.gz.

This version will become 3.0.8, hopefully soon.
When there are " % "s in the table name, the record contents become the
source of time for generating the destination table name.

All looks like it should work.  If you have problems with 3.0.7.18 send
email !!!!

Carter

Sent from my iPad

On Dec 4, 2013, at 6:15 AM, Ricardo Dias <ricardo.dias at live.com> wrote:

> Hello argus members.
> 
> I have been using argus for the last months and its been a really good
> experience.
> 
> In the past few weeks I've started to user rasqlinsert to store data in the
> mysql database with daily tables, I've created a service to start rasqlinsert
> upon boot, after argus, with the following statement:
> 
> "rasqlinsert -d -S localhost -m none -M time 1d -w
> mysql://root@localhost/argus/argus_%Y_%m_%d -s stime saddr sport daddr dport
> proto pkts"
> 
> When the service starts with creates the table just fine, but in the following
> days it doesn't create the respective tables and keeps storing all data in the
> same table when the service started. My first guess is that the date variables
> are static and the creation of new tables doesn't rely on the flow date time.
> But when I read the rasqlinser man it states otherwise: "rasqlinsert will
> generate table names based on time and insert its data relative to the
> timestamps found in the flow records it processes."
> 
> If I restart the rasqlinsert service the correct table for the day is created.
> 
> Can anyone give me a lead why this is happening?
> 
> By the way I'm using version argus 3.0.6.1 and rasqlinsert 3.0.6.2.
> 
> Thanks in advance!
> Ricardo
>        
       


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20131204/167c003e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2442 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20131204/167c003e/attachment.bin>

More information about the argus mailing list