Look in sql.c and mysql.c - for the traceEvent function - not to be picky or
anything - no, not me - but shouldn't that #ifndef DEBUG be #ifdef
DEBUG...for example:
void notifyTCPSession(IPSession *session, int actualDeviceId) {
HostTraffic *server, *client;
char dt1[32], dt2[32];
struct tm t;
char sqlBuf[BUF_SIZE];
if((session->initiatorIdx == NO_PEER) || (session->remotePeerIdx ==
NO_PEER))
return;
if(sqlSocket != -1) {
strftime(dt1, 32, "%Y-%m-%d %H:%M:%S", localtime_r(&session->firstSeen,
&t));
strftime(dt2, 32, "%Y-%m-%d %H:%M:%S", localtime_r(&session->lastSeen,
&t));
if(snprintf(sqlBuf, sizeof(sqlBuf), "INSERT INTO TCPsessions (Client,
Server, ClientPort, "
"ServerPort, DataSent, DataRcvd, FirstSeen, LastSeen)"
" VALUES ('%s', '%s', '%d', '%d', '%llu', '%llu', '%s',
'%s')",
client->hostNumIpAddress,
server->hostNumIpAddress,
session->sport,
session->dport,
(session->bytesSent),
(session->bytesRcvd),
dt1, dt2) < 0)
BufferOverflow();
#ifndef DEBUG
traceEvent(TRACE_INFO, "%s\n", sqlBuf);
#endif
sendto(sqlSocket, sqlBuf, strlen(sqlBuf), 0, (struct sockaddr *)&dest,
sizeof(dest));
}
#ifdef HAVE_MYSQL
mySQLnotifyTCPSession(session, actualDeviceId);
#endif
}
#2 how about grep -v
-----Burton
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Stuart Herd - IT Dept.
Sent: Wednesday, February 20, 2002 5:24 PM
To: '[EMAIL PROTECTED]'
Subject: [Ntop] how do i stop logging all mysql captures to syslog?
Hi All,
I have started using the mysql option to store all traffic to a database. I
now start ntop with:
ntop -P /var/log/ntop -m 172.19.0.0/16 -w 3000 -E -S 1 -r 240 -p
/usr/local/share/ntop/protocol -i eth1,eth0 -b localhost:4000 -d
Ntop version is from 021202 snapshot, compiled and installed with no
problems.
System is RH 7.1,
Unfortunately i have little experience with mysql and i don't know how to
stop it from logging every insert into the database. The logs are getting
huge! Here is an example of one of the messages.
"
Feb 20 18:08:36 ESPL062-000-001 ntop[20371]: INSERT INTO TCPsessions
(Client, Server, ClientPort, ServerPort, DataSent, DataRcvd, FirstSeen,
LastSeen) VALUES ('172.19.1.62', '172.19.17.1', '139', '3216', '60', '0',
'2002-02-20 17:57:55', '2002-02-20 17:57:55')
"
Ok, now question # 2
How do i strip the messages file of all lines that contain a common string -
i.e. INSERT INTO TCPsessions (Client, Server, ClientPort, ServerPort,
DataSent, DataRcvd, FirstSeen, LastSeen) ?
Thanks for any and all help!
Cheers!
PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message. If
you are not the addressee indicated in this message or the employee or agent
responsible for delivering it to the addressee, you are hereby on notice
that you are in possession of confidential and privileged information. Any
dissemination, distribution, or copying of this e-mail is strictly
prohibited. In such case, you should destroy this message and kindly notify
the sender by reply e-mail. Please advise immediately if you or your
employer do not consent to Internet email for messages of this kind.
Opinions, conclusions, and other information in this message that do not
relate to the official business of the sender's firm shall be understood as
neither given nor endorsed by it. E-mail cannot be guaranteed to be secure,
error free or free from viruses. Royal does not accept any liability
whatsoever for any loss or damage which may be caused as a result of the
transmission of this e-mail.
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listmanager.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listmanager.unipi.it/mailman/listinfo/ntop
