Why sas das feature in rasqlinsert does not work?
Matt Brown
matthewbrown at gmail.com
Mon Jul 22 09:13:55 EDT 2013
I'm on my phone, but here is a shot at it...
`argus -r pcapped.pcap -w - | ralabel -f ralabel.conf -r - -w - -s +sas +das | rasqlinsert -r - -w mysql://root@localhost/argus/a -s stime dur sas das dir`
See the man page of ralabel.
On Jul 22, 2013, at 8:52 AM, Rahimeh Khodadadi <rahimeh.khodadadi at gmail.com>
wrote:
Thanks Matt, the problem is here: I have a pcap file, I don't want to
capture traffic.
The radium is useless for my problem. I did not get the second way. Can you
show me by an example?
On Mon, Jul 22, 2013 at 4:56 PM, Matt Brown <matthewbrown at gmail.com> wrote:
> As far as I know, consider adding the labels sas and das in-line...
> Meaning, if you connect to the argus probe with radium, configure radium to
> label sas and das, then connect clients to radium. radium acts as a sort
> of buffer handler for things such as transferring argus data over the
> network.
>
> Or you can use ralabel to connect to argus, then use stdout of ralabel to
> stdin of rasqlinsert.
>
>
>
> On Jul 22, 2013, at 8:12 AM, Rahimeh Khodadadi <
> rahimeh.khodadadi at gmail.com> wrote:
>
> Thanks Carter, but I want to insert to database, I use this command:
>
> rasqlinsert -r /usr/a.argus -w mysql://root@localhost/argus/a -s stime
> dur sas das dir
>
>
> On Mon, Jul 22, 2013 at 4:34 PM, Carter Bullard <carter at qosient.com> wrote:
>
>> Use ralabel() to add origin AS numbers to flows using the GeoIP database.
>> Radium, which is a flow labeler, can do this as it collects flow records.
>>
>> Carter
>>
>> On Jul 22, 2013, at 7:46 AM, Rahimeh Khodadadi <
>> rahimeh.khodadadi at gmail.com> wrote:
>>
>> > Hi,
>> >
>> > I need the two features sas and das of traffic, but their value is 0.
>> > Please help
>> >
>> > --
>> > With Best Regards
>> > Rahimeh Khodadadi
>> >
>>
>
>
>
> --
> With Best Regards
> Rahimeh Khodadadi
>
>
--
With Best Regards
Rahimeh Khodadadi