Chapter 5     Using Snort with MySQL
  The data table contains the payload for each packet that triggers an alert.
  The detail table records how much detail is logged with each packet. By default it has only two rows: the first is fast and the second is full. You can think of this as the logging mode described in previous chapters.
  The encoding table lists the encodings that can be used when the packet payload is written to the data table. By default it contains three: hex, base64 and ASCII.
  The event table lists all events and stores a timestamp for these events.
  The icmphdr table contains information about the ICMP header of packets that
are logged into the database. It contains information including ICMP type,
ICMP code, ICMP ID, ICMP sequence number and so on. For more
information about ICMP headers, refer to RFC 792 and Appendix C.
  The iphdr table contains all fields of the IP header for logged data packets. The
information includes source and destination IP addresses, IP protocol version, IP
header length, type of service (TOS) value, time to live (TTL) value and so on.
More information about IP headers can be found in RFC 791 and Appendix C.
  The opt table stores the IP and TCP options carried by logged packets, one row per option.
  The reference and reference_system tables contain information about external reference sites where more information about a vulnerability can be found. This is the same information used inside Snort rules with the reference keyword, as discussed in Chapter 3.
  The schema table records the version of the database schema.
  The sensor table contains one row for each Snort sensor that logs data to the database; with a single sensor it therefore contains only one row.
  The sig_class table contains the classes of Snort rules discussed in Chapter 3, for example attempted-recon, misc-attack and so on.
  The sig_reference table links signatures to different online reference sites.
  The signature table contains information about signatures that generated alerts.
  The tcphdr table contains the TCP header of a logged packet, if the packet is of TCP type. For more information about the TCP header, refer to RFC 793 and Appendix C.
  The udphdr table contains the UDP header of a logged packet, if the packet is of UDP type: the UDP source and destination ports, length and checksum. For more information about the UDP header, refer to RFC 768 and Appendix C.
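The following queries are an added example of how the tables above fit together; they are not part of the book and were not generated by Snort. They assume the stock column names of Snort's create_mysql script (event.sid, event.cid, event.signature, signature.sig_id, signature.sig_class_id, iphdr.ip_src, tcphdr.tcp_sport, data.data_payload and so on), a database named snort, and hypothetical sensor and event ids. The key point they illustrate is that every per-packet table (iphdr, tcphdr, udphdr, icmphdr, opt, data) is keyed by the pair (sid, cid), the sensor id plus that sensor's event counter, while event links to signature through event.signature, and signature in turn links to sig_class and, via sig_reference, to reference and reference_system.

```sql
-- Added example (not from the book): querying the Snort alert database.
-- Assumed schema: the stock create_mysql tables and column names.
-- Assumed database name: snort. Sensor/event ids below are hypothetical.
USE snort;

-- 1. Which signatures fired most in the last 24 hours, and how serious are they?
--    event.signature is a foreign key to signature.sig_id; the rule class
--    comes from sig_class through signature.sig_class_id.
SELECT  s.sig_name,
        c.sig_class_name,
        s.sig_priority,
        COUNT(*) AS hits
FROM    event e
JOIN    signature s ON s.sig_id = e.signature
JOIN    sig_class c ON c.sig_class_id = s.sig_class_id
WHERE   e.timestamp >= NOW() - INTERVAL 1 DAY
GROUP BY s.sig_id, s.sig_name, c.sig_class_name, s.sig_priority
ORDER BY hits DESC
LIMIT 20;

-- 2. Full detail for one alert. Per-packet tables are joined on (sid, cid).
--    IP addresses are stored as unsigned 32-bit integers, so INET_NTOA()
--    is needed to read them. tcphdr and udphdr are LEFT JOINed because a
--    packet has at most one of them; COALESCE picks whichever is present.
--    Under the default encoding, data_payload is a hex string.
SELECT  e.timestamp,
        se.hostname,
        se.interface,
        s.sig_name,
        INET_NTOA(ip.ip_src) AS src,
        INET_NTOA(ip.ip_dst) AS dst,
        ip.ip_proto,
        ip.ip_ttl,
        COALESCE(t.tcp_sport, u.udp_sport) AS sport,
        COALESCE(t.tcp_dport, u.udp_dport) AS dport,
        t.tcp_flags,
        d.data_payload
FROM    event e
JOIN    sensor se     ON se.sid = e.sid
JOIN    signature s   ON s.sig_id = e.signature
JOIN    iphdr ip      ON ip.sid = e.sid AND ip.cid = e.cid
LEFT JOIN tcphdr t    ON t.sid = e.sid AND t.cid = e.cid
LEFT JOIN udphdr u    ON u.sid = e.sid AND u.cid = e.cid
LEFT JOIN data d      ON d.sid = e.sid AND d.cid = e.cid
WHERE   e.sid = 1 AND e.cid = 1234;   -- hypothetical sensor id and event id

-- 3. External references for a signature:
--    signature -> sig_reference -> reference -> reference_system.
--    ref_system_name is the reference type (cve, bugtraq, url, ...) and
--    ref_tag the identifier, exactly as written in the rule's reference keyword.
SELECT  s.sig_name,
        rs.ref_system_name,
        r.ref_tag
FROM    signature s
JOIN    sig_reference sr    ON sr.sig_id = s.sig_id
JOIN    reference r         ON r.ref_id = sr.ref_id
JOIN    reference_system rs ON rs.ref_system_id = r.ref_system_id
WHERE   s.sig_name LIKE 'WEB-%'        -- hypothetical name prefix
ORDER BY s.sig_name, sr.ref_seq;

-- 4. Quick triage of scanning sources: which source addresses touched the
--    most distinct destinations? Uses iphdr alone, so it covers TCP, UDP
--    and ICMP alerts alike.
SELECT  INET_NTOA(ip.ip_src)       AS src,
        COUNT(DISTINCT ip.ip_dst)  AS targets,
        COUNT(*)                   AS alerts
FROM    iphdr ip
GROUP BY ip.ip_src
ORDER BY targets DESC, alerts DESC
LIMIT 10;
```

Two practical caveats: a single event has rows in iphdr and in exactly one of tcphdr, udphdr or icmphdr, so an INNER JOIN on tcphdr silently drops every UDP and ICMP alert; and because cid is only unique per sensor, any query that omits sid from the join condition will pair packets from different sensors once you run more than one.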