[Flow-tools] New to the list, mysql troubles
Barry Murphy
barry at unix.co.nz
Fri Nov 7 00:34:44 EST 2008
Sorry for replying to myself :)
So I went with the following, could this be altered to be better?
Also how do I get flow-capture to save direct to mysql rather than needing
to run it periodically ?
CREATE TABLE `flows` (
`UNIX_SECS` int(32) unsigned NOT NULL default '0',
`UNIX_NSECS` int(32) unsigned NOT NULL default '0',
`SYSUPTIME` int(20) NOT NULL,
`EXADDR` varchar(16) NOT NULL,
`DPKTS` int(32) unsigned NOT NULL default '0',
`DOCTETS` int(32) unsigned NOT NULL default '0',
`FIRST` int(32) unsigned NOT NULL default '0',
`LAST` int(32) unsigned NOT NULL default '0',
`ENGINE_TYPE` int(10) NOT NULL,
`ENGINE_ID` int(15) NOT NULL,
`SRCADDR` varchar(16) NOT NULL default '0',
`DSTADDR` varchar(16) NOT NULL default '0',
`NEXTHOP` varchar(16) NOT NULL default '0',
`INPUT` int(16) unsigned NOT NULL default '0',
`OUTPUT` int(16) unsigned NOT NULL default '0',
`SRCPORT` int(16) unsigned NOT NULL default '0',
`DSTPORT` int(16) unsigned NOT NULL default '0',
`PROT` int(8) unsigned NOT NULL default '0',
`TOS` int(2) NOT NULL,
`TCP_FLAGS` int(8) unsigned NOT NULL default '0',
`SRC_MASK` int(8) unsigned NOT NULL default '0',
`DST_MASK` int(8) unsigned NOT NULL default '0',
`SRC_AS` int(16) unsigned NOT NULL default '0',
`DST_AS` int(16) unsigned NOT NULL default '0'
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
Thanks
Barry
On Fri, 07 Nov 2008 16:46:07 +1300, Barry Murphy <barry at unix.co.nz> wrote:
> Hey Guys,
>
> Very new to netflow and testing it using a j2320 and flow-tools. I've got
> as far as receiving the messages, however mysql export doesn't seem to
> work
> very well and there is not much documentation that I can find.
>
> [root at test /var/db/flows]# flow-export -f 3 -d 1 -u
> "barry_user:pass:x.x.x.x:3306:barry_user:flows" <
> ft-v05.2008-11-06.174501+1300
>
field=unix_secs,unix_nsecs,sysuptime,exaddr,dpkts,doctets,first,last,engine_type,engine_id,srcaddr,dstaddr,nexthop,input,output,srcport,dstport,prot,tos,tcp_flags,src_mask,dst_mask,src_as,dst_as
>
>
val=1226022454,0,3170693914,"113.21.224.33",1,59,3170652214,3170652214,0,0,"60.234.24.30","60.234.24.29","60.234.24.29",0,22,57778,179,6,192,24,32,30,24466,24466
> query=INSERT INTO
>
flows(unix_secs,unix_nsecs,sysuptime,exaddr,dpkts,doctets,first,last,engine_type,engine_id,srcaddr,dstaddr,nexthop,input,output,srcport,dstport,prot,tos,tcp_flags,src_mask,dst_mask,src_as,dst_as)
> VALUES
>
(1226022454,0,3170693914,"113.21.224.33",1,59,3170652214,3170652214,0,0,"60.234.24.30","60.234.24.29","60.234.24.29",0,22,57778,179,6,192,24,32,30,24466,24466)
> flow-export: mysql_real_query(): Table 'barry_user.flows' doesn't exist
> flow-export: processed 1 flows
> sys: seconds=0.021 flows/second=45.850527
> wall: seconds=0.017 flows/second=58.664789
> flow-export: Exported 1 records
> [root at test /var/db/flows]#
>
> Can someone point me in the right direction for getting this data into
> mysql, I cant seem to find a mysql scheme to insert into the database.
>
> Thanks
> Barry
>
> _______________________________________________
> Flow-tools mailing list
> flow-tools at splintered.net
> http://mailman.splintered.net/mailman/listinfo/flow-tools
More information about the Flow-tools
mailing list