Why sas das feature in rasqlinsert does not work?

Matt Brown matthewbrown at gmail.com
Mon Jul 22 10:15:57 EDT 2013


Typo fixed:

`argus -r pcapped.pcap -w - | ralabel -f ralabel.conf -r - -w - -s +sas +das | rasqlinsert -r - -w mysql://root@localhost/argus/a -s stime dur sas das dir`


Thanks,

Matt


On Jul 22, 2013, at 9:13 AM, Matt Brown <matthewbrown at gmail.com> wrote:

I'm on my phone, but here is a shot at it...

`argus -r pcapped.pcap -w - | ralabel -f ralabel.conf -r - -w - -s +sas +das | rasqlinsert -r /usr/a.argus -w mysql://root@localhost/argus/a -s stime dur sas das dir`

See the man page of ralabel.



On Jul 22, 2013, at 8:52 AM, Rahimeh Khodadadi <rahimeh.khodadadi at gmail.com>
wrote:

Thanks Matt, the problem is here, I have a pcap file, I don't want to
capture traffic.
The radium is useless for my problem. I did not get the second way. Can you
show me by an example?


On Mon, Jul 22, 2013 at 4:56 PM, Matt Brown <matthewbrown at gmail.com> wrote:

> As far as I know, consider adding the labels sas and das in-line...
> Meaning, if you connect to the argus probe with radium, configure radium to
> label sas and das, then connect clients to radium.  radium acts as a sort
> of buffer handler for things such as transferring argus data over the
> network.
>
> Or you can use ralabel to connect to argus, then use stdout of ralabel to
> stdin of rasqlinsert.
>
>
>
> On Jul 22, 2013, at 8:12 AM, Rahimeh Khodadadi <
> rahimeh.khodadadi at gmail.com> wrote:
>
> Thanks Carter, but I want to insert to database, I use this command:
>
> rasqlinsert -r /usr/a.argus -w mysql://root@localhost/argus/a -s stime dur sas das dir
>
>
> On Mon, Jul 22, 2013 at 4:34 PM, Carter Bullard <carter at qosient.com> wrote:
>
>> Use ralabel() to add origin AS numbers to flows using the GeoIP database.
>>  Radium, which is a flow labeler, can do this as it collects flow records.
>>
>> Carter
>>
>> On Jul 22, 2013, at 7:46 AM, Rahimeh Khodadadi <
>> rahimeh.khodadadi at gmail.com> wrote:
>>
>> > Hi,
>> >
>> > I need the two features sas and das of traffic, but their value is 0.
>> > Please help
>> >
>> > --
>> > With Best Regards
>> > Rahimeh Khodadadi
>> >
>>
>
>
>
> --
> With Best Regards
> Rahimeh Khodadadi
>
>


-- 
With Best Regards
Rahimeh Khodadadi