Excluding the 'record' field when using with rasqlinsert
David Edelman
dedelman at iname.com
Sun Jun 23 05:31:32 EDT 2013
Matrix is source and destination addresses taken as a pair.
--Dave
From: Matt Brown [mailto:matthewbrown at gmail.com]
Sent: Saturday, June 22, 2013 10:31 PM
To: David Edelman
Cc: argus-info at lists.andrew.cmu.edu
Subject: Re: [ARGUS] Excluding the 'record' field when using with rasqlinsert
Very cool, Dave... Thanks.
What does this 'matrix' guy do? I couldn't find it in the docs.
Thanks,
Matt
On Sat, Jun 22, 2013 at 12:18 AM, David Edelman <dedelman at iname.com> wrote:
The magic incantation is -M norec
This works fine for me:
/usr/local/bin/rasqlinsert -M time 1d -M cache -S localhost:9603 \
    -w mysql://argus@localhost/argus/testmatrix_%Y_%m_%d \
    -m srcid matrix proto -M norec \
    -s ltime dur srcid saddr daddr smac dmac proto bytes
--Dave
-----Original Message-----
From: argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu
[mailto:argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu] On Behalf Of Matt Brown
Sent: Friday, June 21, 2013 5:05 PM
To: argus-info at lists.andrew.cmu.edu
Subject: [ARGUS] Excluding the 'record' field when using with rasqlinsert
Hello,
I'd like to not have rasqlinsert add the record blob. When I attempt
to use '-record' I get a variety of interesting errors.
This is with client 3.0.7.10 (with or without the latest patched
version of argus_util.c).
How do I exclude the 'record' field when using rasqlinsert?
Thanks,
Matt