rasqlinsert reading a sparse single source file
David Edelman
dedelman at iname.com
Sat Oct 5 15:35:19 EDT 2013
If I use ra -R * -w /tmp/somefile - host 1.2.3.4 to extract the records for
a single host over a few year period I end up with a file that I can read
with ra. In my case, there are about 900 flow records. There are only 277
dates where there is flow activity and my database tables are built based on
year_month_day.
If I use rasqlinsert -r /tmp/somefile I end up with all the correct table
built but most (not all) are empty. It doesn't look like an aggregation
problem and rasqlinsert knew that it had to create tables for each of the
277 dates.
Any thoughts? Any good -D parameters to enable? Carter, I can provide the
source file privately if that will help.
--Dave
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20131005/b7f6afb4/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6283 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20131005/b7f6afb4/attachment.bin>
More information about the argus
mailing list