Excluding the 'record' field when using with rasqlinsert

Carter Bullard carter at qosient.com
Mon Jun 24 11:06:36 EDT 2013


Hey Matt,
This is documented in the racluster() man page.  Anytime you use
the " -m <aggregation object> " option, you are doing general
aggregation, which is covered by racluster().  I'll put a 
statement to this effect in the rasqlinsert() man page.

We are having somes issues with 3.0.7.x rasqlinsert() at a few
sites, so if you are having problems, it may be related ( not
creating tables, not updated some flows).

I'm working these issues today, so if you run into a problem,
holler.  Hopefully it will be the same problem we're fixing.

Carter



On Jun 22, 2013, at 10:30 PM, Matt Brown <matthewbrown at gmail.com> wrote:

> Very cool, Dave... Thanks.
> 
> What does this 'matrix' guy do?  I couldn't find it in the docs.
> 
> 
> Thanks,
> 
> Matt
> 
> 
> 
> On Sat, Jun 22, 2013 at 12:18 AM, David Edelman <dedelman at iname.com> wrote:
> The magic incantation is   -M norec
> 
> This works fine for me:
> 
> /usr/local/bin/rasqlinsert -M time 1d -M cache  -S localhost:9603 -w
> mysql://argus@localhost/argus/testmatrix_%Y_%m_%d   -m srcid matrix proto -M
> norec -s ltime dur srcid saddr daddr smac dmac proto bytes
> 
> --Dave
> 
> -----Original Message-----
> From: argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu
> [mailto:argus-info-bounces+dedelman=iname.com at lists.andrew.cmu.edu] On
> Behalf Of Matt Brown
> Sent: Friday, June 21, 2013 5:05 PM
> To: argus-info at lists.andrew.cmu.edu
> Subject: [ARGUS] Excluding the 'record' field when using with rasqlinsert
> 
> Hello,
> 
> I'd like to not have rasqlinsert add the record blob.  When I attempt
> to use '-record' I get a variety of interesting errors.
> 
> This is with client 3.0.7.10 (with or without the latest patched
> version of argus_util.c).
> 
> How do I exclude the 'record' field when using rasqlinsert?
> 
> 
> Thanks,
> 
> Matt
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130624/b0fa8f50/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6837 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130624/b0fa8f50/attachment.bin>


More information about the argus mailing list