rasqlinsert daily database tables

Thu Dec 5 11:46:06 EST 2013

Hi Carter,

Good news, the v3.0.7.5 created the daily table just fine!

Regarding
 the debugging I'm afraid I won't be of good help, this server have a 
minimal installation (RHEL 4, oldie...) and the gdb package isn't 
installed :-(
I plan moving the sensor to a new server in a couple of
 months, hopefully with a non-legacy OS, and then I'll attempt to setup 
the latest.

Thanks for the feedback!
Ricardo

Subject: Re: [ARGUS] rasqlinsert daily database tables
From: carter at qosient.com
Date: Wed, 4 Dec 2013 10:27:10 -0500
CC: argus-info at lists.andrew.cmu.edu
To: ricardo.dias at live.com

Hmmmm, the segfaults are not good !!!!One way to test is to use really short time periods, and see if the tables do the right thing.Like  “ -M time 5 min”.  That way you don’t have to wait to see the results.
If there is a chance you can help us fix your segfaults, if you could do these steps below,and send the results, that would great !!!
In the root directory:
   % touch .devel   % ./configure   % make clean   % make
Run it without the -d option, under gdb if its available:
   % gdb bin/rasqlinsert   (gdb) run -S localhost -m none -M time 1d -w mysql://root@localhost/argus/argus_%Y_%m_%d -s stime saddr sport daddr dport proto pkts
and when it dies, type “ where “
     (gdb) where
Thanks !!!!!
Carter

On Dec 4, 2013, at 9:41 AM, Ricardo Dias <ricardo.dias at live.com> wrote:Hi Carter,

Thanks for your feedback.

I've attempted to run rasqlinsert v3.0.7.18 but quitted immediately with segfault. I kept downgrading until v3.0.7.5 where it started successfully. I will leave it running until tomorrow and see if the next day table is created.

Thanks,
Ricardo

CC: argus-info at lists.andrew.cmu.edu
From: carter at qosient.com
Subject: Re: [ARGUS] rasqlinsert daily database tables
Date: Wed, 4 Dec 2013 07:08:32 -0500
To: ricardo.dias at live.com

Hey Ricardo,Grab a copy of the developers clients version 3.0.7.18 where a lot of bugs have been fixed.   http://qosient.com/argus/dev/argus-clients-latest.tar.gz.
This version will become 3.0.8, hopefully soon.When there are " % "s in the table name, the record contents become the source of time for generating the destination table name.
All looks like it should work.  If you have problems with 3.0.7.18 send email !!!!
Carter

Sent from my iPad
On Dec 4, 2013, at 6:15 AM, Ricardo Dias <ricardo.dias at live.com> wrote:

Hello argus members.

I have been using argus for the last months and its been a really good experience.

In the past few weeks I've started to user rasqlinsert to store data in the mysql database with daily tables, I've created a service to start rasqlinsert upon boot, after argus, with the following statement:

"rasqlinsert -d -S localhost -m none -M time 1d -w mysql://root@localhost/argus/argus_%Y_%m_%d -s stime saddr sport daddr dport proto pkts"

When the service starts with creates the table just fine, but in the following days it doesn't create the respective tables and keeps storing all data in the same table when the service started. My first guess is that the date variables are static and the creation of new tables doesn't rely on the flow date time. But when I read the rasqlinser man it states otherwise: "rasqlinsert will generate table names based on time and insert its data relative to the timestamps found in the flow records it processes."

If I restart the rasqlinsert service the correct table for the day is created.

Can anyone give me a lead why this is happening?

By the way I'm using version argus 3.0.6.1 and rasqlinsert 3.0.6.2.

Thanks in advance!
Ricardo

Carter BullardCEO/PresidentQoSient, LLC150 E 57th Street Suite 12DNew York, New York  10022+1 212 588-9133 Phone+1 212 588-9134 Fax

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20131205/63ef2295/attachment.html>