Time specification bug with rasql

Carter Bullard carter at qosient.com
Mon Sep 9 10:08:38 EDT 2013 

Hey Jesse,
I normally do it this way:
   ra -t -1y+1y

ra[65328.80316477ff7f0000]: 2013/09/09.10:07:22.467831 ArgusParseTime (0x105bef000, 0x105bef148, 0x105bef1b8, "-1y", ' ', 0.000000) retn year(1378735642)
ra[65328.80316477ff7f0000]: 2013/09/09.10:07:22.467877 ArgusParseTime (0x105bef000, 0x105bef180, 0x105bef148, "1y", '+', 0.000000) retn year(1357012800)
ra[65328.80316477ff7f0000]: 2013/09/09.10:07:22.467909 ArgusCheckTimeFormat (0x105bef1b8, -1y+1y) 1357012800.000000-1357016400.000000
ra[65328.80316477ff7f0000]: 2013/09/09.10:07:22.467920 ArgusParseTimeArg (-1y+1y, 4, 0x105bef1b8)
ra[65328.80316477ff7f0000]: 2013/09/09.10:07:22.467940 ArgusCalloc (1, 461752) returning 0x5d13000
ra[65328.80316477ff7f0000]: 2013/09/09.10:07:22.467958 ArgusAddFileList (0x5bef000, -, 1, -1, -1) returning 1


Yes, there does seem to be a bug.  When I type this, I get that:

ra -D8 -t 2013   
ra[65313.80316477ff7f0000]: 2013/09/09.10:05:43.174941 ArgusParseTime (0x108c23000, 0x108c23148, 0x108c23180, "2013", ' ', 0.000000) retn year(2013)
ra[65313.80316477ff7f0000]: 2013/09/09.10:05:43.174986 ArgusCheckTimeFormat (0x108c231b8, 2013) 2013.000000-31538013.000000
ra[65313.80316477ff7f0000]: 2013/09/09.10:05:43.174999 ArgusParseTimeArg (2013, 4, 0x108c231b8)
ra[65313.80316477ff7f0000]: 2013/09/09.10:05:43.175018 ArgusCalloc (1, 461752) returning 0x8d47000
ra[65313.80316477ff7f0000]: 2013/09/09.10:05:43.175036 ArgusAddFileList (0x8c23000, -, 1, -1, -1) returning 1

So, let me fix that.

Carter



On Sep 8, 2013, at 10:10 PM, Jesse Bowling <jessebowling at gmail.com> wrote:

> Hi,
> 
> I noticed that while using a table created with:
> 
> rasqlinsert -m saddr -s "saddr stime ltime" -S localhost -w mysql://argus@localhost/argusip/aip_%Y_%m_%d -M time 1d drop rmon -d
> 
> I can successfully query for a particular address on a particular day:
> 
> # rasql -M time 1d sql="saddr='10.10.10.2'" -r mysql://argus@localhost/argusip/aip_%Y_%m_%d -t 2013/09/08
>            SrcAddr                StartTime                 LastTime 
>         10.10.10.2 09/08/13 22:03:35.896662 09/08/13 22:03:35.896662
> 
> also for a particular month:
> 
> # rasql -M time 1d sql="saddr='10.10.10.2'" -r mysql://argus@localhost/argusip/aip_%Y_%m_%d -t 2013/09
>            SrcAddr                StartTime                 LastTime 
>         10.10.10.2 09/08/13 22:03:35.896662 09/08/13 22:03:35.896662
> 
> However, when I query for the year, I get no results:
> 
> # rasql -M time 1d sql="saddr='10.10.10.2'" -r mysql://argus@localhost/argusip/aip_%Y_%m_%d -t 2013
> #
> 
> Running with debug mode, it appears that it's looking for my IP in 1970...
> 
> rasql[28545.c0f750b02a7f0000]: 09/08/13 22:08:10.298650 SQL Query SELECT record from aip_1970_01_01 WHERE saddr='10.10.10.2'
> 
> Seems like a bug...
> 
> Cheers,
> 
> Jesse
> 
> -- 
> Jesse Bowling
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6837 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130909/f8b97e3d/attachment.bin>

More information about the argus mailing list