Excluding the 'record' field when using with rasqlinsert
Carter Bullard
carter at qosient.com
Mon Jun 24 11:06:36 EDT 2013
Hey Matt,
This is documented in the racluster() man page. Anytime you use
the " -m <aggregation object> " option, you are doing general
aggregation, which is covered by racluster(). I'll put a
statement to this effect in the rasqlinsert() man page.
We are having somes issues with 3.0.7.x rasqlinsert() at a few
sites, so if you are having problems, it may be related ( not
creating tables, not updated some flows).
I'm working these issues today, so if you run into a problem,
holler. Hopefully it will be the same problem we're fixing.
Carter
On Jun 22, 2013, at 10:30 PM, Matt Brown <matthewbrown at gmail.com> wrote:
> Very cool, Dave... Thanks.
>
> What does this 'matrix' guy do? I couldn't find it in the docs.
>
>
> Thanks,
>
> Matt
>
>
>
> On Sat, Jun 22, 2013 at 12:18 AM, David Edelman <dedelman at iname.com> wrote:
> The magic incantation is -M norec
>
> This works fine for me:
>
> /usr/local/bin/rasqlinsert -M time 1d -M cache -S localhost:9603 -w
> mysql://argus@localhost/argus/testmatrix_%Y_%m_%d -m srcid matrix proto -M
> norec -s ltime dur srcid saddr daddr smac dmac proto bytes
>
> --Dave
>
> -----Original Message-----
> From: argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu
> [mailto:argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu] On
> Behalf Of Matt Brown
> Sent: Friday, June 21, 2013 5:05 PM
> To: argus-info at lists.andrew.cmu.edu
> Subject: [ARGUS] Excluding the 'record' field when using with rasqlinsert
>
> Hello,
>
> I'd like to not have rasqlinsert add the record blob. When I attempt
> to use '-record' I get a variety of interesting errors.
>
> This is with client 3.0.7.10 (with or without the latest patched
> version of argus_util.c).
>
> How do I exclude the 'record' field when using rasqlinsert?
>
>
> Thanks,
>
> Matt
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130624/b0fa8f50/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6837 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130624/b0fa8f50/attachment.bin>
More information about the argus
mailing list