|This causes rasqlinsert to use the database table as its persistent cache store. This mechanism is used to control memory use when dealing with large amounts of data and flow keys.|
This causes rasqlinsert to drop any pre-existing database table that
has the same name as the target table name, on startup.
This invocation writes aggregated argus(8) data from the file into a database table. The standard 5-tuple fields, saddr daddr proto sport dport are used as keys for each entry. rasqlinsert will aggregate all the data prior to inserting the data into the database:Because aggregation can require a lot of memory, rasqlinsert provides an option -M cache to have rasqlinsert use the database table as the persistent cache store for the aggregation. With this example, the standard 5-tuple fields, rasqlinsert will aggregate data over short spans of time as it reads the data from the file, and then commit the data to the database. If additional data arrives that matches that unique flow, rasqlinsert will fetch the entry from the database, aggregate, and then update the data entry in the database.
rasqlinsert -r file -w mysql://user@localhost/db/table
rasqlinsert can provide the same function for streaming data read directly from an argus data source. This allows rasqlinsert to reassemble all status records for an individual flow, such that the resulting table has only a single entry for each communciation relationship seen.
rasqlinsert -M cache -r file -w mysql://user@localhost/db/table
rasqlinsert -M cache -S argus -w mysql://user@localhost/db/tableThis invocation writes argus(8) data from the file into a database table, without aggregation, by specifying no relational key in the data.rasqlinsert -m none -r file -w mysql://user@localhost/db/tableThis invocation writes argus(8) data from the stream into a database table, without modification.This invocation writes argus(8) data from the stream into a daily database table, without modification. rasqlinsert will generate table names based on time and insert its data relative to the timestamps found in the flow records it processes. In this specific example, "-M time 1d" specifies daily tables.
rasqlinsert -m none -S argus -w mysql://user@localhost/db/table
rasqlinsert -m none -S argus -w mysql://user@localhost/db/table_%Y_%m_%d -M time 1d
Copyright (c) 2000-2014 QoSient. All rights reserved.
Carter Bullard (firstname.lastname@example.org).
|rasqlinsert 3.0.8||RASQLINSERT (1)||12 August 2009|