Honeypots: Re: correlating sys_read data to "source" ip

Re: correlating sys_read data to "source" ip

From: troy d. straszheim <troy_at_resophonic.com>
Date: Fri, 18 Aug 2006 14:15:16 -0400

On Thu, Aug 17, 2006 at 10:31:40AM -0400, Camilo Viecco wrote:
>
> So steps:
> 1. find the process you are interested in: select sensor_id,process_id
> from sys_read where ****YOUR_CRITERIA_HERE***
> 2. find the sockets related to such process... (maybe you are lucky):
> select sensor_id,argus_id from sys_socket where process_id= (your
> previous result)
> 3. if there are sockets, you can use the argus_id to query the argus
> table for the information (you can actually mix all this into just one
> large query if you are using a more recent version of mysql)
> 4. if unsuccessful AND you know that the activity of interest is related
> to a network connection,
> find the parent process id: select * from process_tree where
> child_process_id=your_current_process_id_of_interest
> 5. use this new information and go to step 2... (iterate until you get
> tired/or find the answer/or find too many answers)
>

Exactly what I was looking for. Thanks a million. (And a late thanks
for the tip on DB purging).

-troy
Received on Aug 18 2006
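The five-step walk Camilo describes (sys_read record -> process -> sys_socket -> argus, climbing process_tree when the reading process holds no socket of its own), worked through as an added example that is not part of either post. It builds the tables in an in-memory sqlite3 database with constructed sample rows; only the table names and the columns sensor_id, process_id, argus_id and child_process_id come from the post, and parent_process_id, fd, data and the argus flow columns (src_ip, src_port, dst_ip, dst_port) are assumptions about the schema. It also shows the "one large query" version from step 3 as a recursive CTE.

```python
"""Correlate a sys_read record with the network flow that fed it.

Added example (not from the Honeypots list posts).  Schema is a constructed
stand-in for the MySQL tables named in the post; columns other than
sensor_id, process_id, argus_id and child_process_id are assumptions.
"""
import sqlite3

SCHEMA = """
CREATE TABLE sys_read     (sensor_id INTEGER, process_id INTEGER, fd INTEGER, data TEXT);
CREATE TABLE sys_socket   (sensor_id INTEGER, process_id INTEGER, argus_id INTEGER);
CREATE TABLE process_tree (sensor_id INTEGER, parent_process_id INTEGER, child_process_id INTEGER);
CREATE TABLE argus        (argus_id INTEGER PRIMARY KEY, src_ip TEXT, src_port INTEGER,
                           dst_ip TEXT, dst_port INTEGER);
"""

# Constructed sample data: on sensor 1 an sshd child (pid 100) holds the only
# socket; it spawns a shell (101), which spawns the process (102) whose
# sys_read data we care about.  Pid 200 is unrelated local activity.
SAMPLE = {
    "argus":        [(7, "203.0.113.5", 51234, "192.0.2.10", 22)],
    "sys_socket":   [(1, 100, 7)],
    "process_tree": [(1, 100, 101), (1, 101, 102)],
    "sys_read":     [(1, 102, 0, "cat /etc/passwd"), (1, 200, 0, "local cron job")],
}


def open_db():
    """Create the in-memory database and load the constructed rows."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    for table, rows in SAMPLE.items():
        marks = ",".join("?" * len(rows[0]))
        con.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
    return con


def find_processes(con, pattern):
    """Step 1: (sensor_id, process_id) pairs whose sys_read data matches."""
    return con.execute(
        "SELECT DISTINCT sensor_id, process_id FROM sys_read WHERE data LIKE ?",
        (f"%{pattern}%",)).fetchall()


def sockets_for(con, sensor_id, pid):
    """Step 2: argus_ids of sockets held by this process on this sensor."""
    rows = con.execute(
        "SELECT argus_id FROM sys_socket WHERE sensor_id = ? AND process_id = ?",
        (sensor_id, pid))
    return [r[0] for r in rows]


def parent_of(con, sensor_id, pid):
    """Step 4: parent pid from process_tree, or None if the tree ends here."""
    row = con.execute(
        "SELECT parent_process_id FROM process_tree WHERE sensor_id = ? AND child_process_id = ?",
        (sensor_id, pid)).fetchone()
    return row[0] if row else None


def source_for(con, sensor_id, pid, max_depth=32):
    """Steps 2-5: walk up the tree until an ancestor with a socket is found.

    Returns (pid_holding_socket, [argus flow rows]) or (None, []).  The seen
    set and depth bound stop the loop on a malformed or cyclic tree.
    """
    seen, depth = set(), 0
    while pid is not None and pid not in seen and depth < max_depth:
        seen.add(pid)
        argus_ids = sockets_for(con, sensor_id, pid)
        if argus_ids:                       # step 3: look up the flows
            marks = ",".join("?" * len(argus_ids))
            flows = con.execute(
                f"SELECT argus_id, src_ip, src_port, dst_ip, dst_port "
                f"FROM argus WHERE argus_id IN ({marks})", argus_ids).fetchall()
            return pid, flows
        pid = parent_of(con, sensor_id, pid)  # step 4, then back to step 2
        depth += 1
    return None, []


# Step 3's "one large query": the same walk as a recursive CTE, ordered so the
# nearest socket-holding ancestor comes first.
ONE_QUERY = """
WITH RECURSIVE lineage(sensor_id, process_id, depth) AS (
    SELECT DISTINCT sensor_id, process_id, 0 FROM sys_read WHERE data LIKE ?
    UNION
    SELECT l.sensor_id, t.parent_process_id, l.depth + 1
      FROM lineage l
      JOIN process_tree t ON t.sensor_id = l.sensor_id
                         AND t.child_process_id = l.process_id
     WHERE l.depth < 32
)
SELECT l.process_id, a.src_ip, a.src_port, a.dst_ip, a.dst_port
  FROM lineage l
  JOIN sys_socket s ON s.sensor_id = l.sensor_id AND s.process_id = l.process_id
  JOIN argus a      ON a.argus_id = s.argus_id
 ORDER BY l.depth
"""


def source_one_query(con, pattern):
    """Steps 1-5 in a single statement (needs recursive CTE support)."""
    return con.execute(ONE_QUERY, (f"%{pattern}%",)).fetchall()


if __name__ == "__main__":
    db = open_db()
    for sensor, pid in find_processes(db, "passwd"):
        print(sensor, pid, source_for(db, sensor, pid))
    print(source_one_query(db, "passwd"))
```

Both versions scope every lookup by sensor_id as well as process_id, since the same pid value recurs across sensors and across reboots; the loop version additionally keeps a seen set and a depth bound so a damaged process_tree cannot make step 5 iterate forever.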
