Making Snort Work with MySQL
If you are wondering about the structure of each table, you can display different
fields in each table. The following command shows the structure of the iphdr table:
mysql> describe iphdr;
+----------+----------------------+------+-----+---------+-------+
| Field    | Type                 | Null | Key | Default | Extra |
+----------+----------------------+------+-----+---------+-------+
| sid      | int(10) unsigned     |      | PRI | 0       |       |
| cid      | int(10) unsigned     |      | PRI | 0       |       |
| ip_src   | int(10) unsigned     |      | MUL | 0       |       |
| ip_dst   | int(10) unsigned     |      | MUL | 0       |       |
| ip_ver   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_hlen  | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_tos   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_len   | smallint(5) unsigned | YES  |     | NULL    |       |
| ip_id    | smallint(5) unsigned | YES  |     | NULL    |       |
| ip_flags | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_off   | smallint(5) unsigned | YES  |     | NULL    |       |
| ip_ttl   | tinyint(3) unsigned  | YES  |     | NULL    |       |
| ip_proto | tinyint(3) unsigned  |      |     | 0       |       |
| ip_csum  | smallint(5) unsigned | YES  |     | NULL    |       |
+----------+----------------------+------+-----+---------+-------+
14 rows in set (0.00 sec)
mysql> 
For people who want to go into details of how data is stored, the database schema
provides great information. You can view the complete database schema at
http://www.incident.org/snortdb/.
5.1.5.1 Creating Extra Tables
When you use other programs with the database and Snort that map service
numbers to service names, additional mapping information is needed. For example,
TCP port 23 is used for Telnet. However, the tcphdr table contains only the port number,
not the textual description. If you want to display source and destination ports as text
("Telnet port" instead of "23"), you need this information. Snort comes with an
additional script that adds more tables and populates them with this information. To create
these extra tables, get the snortdb-extra.zip file in the contrib directory and
unzip it. Use the following command to create the additional tables and add data to
them.
[root@laptop]# mysql -h localhost -u rr -p snort < contrib/snortdb-extra
Enter password: 
[root@laptop]# 
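The query below is an added example, not from the book or the Snort distribution. It shows how lookup data of this kind is used: it decodes the integer ip_src and ip_dst columns of iphdr into dotted-quad addresses and attaches a service name to each TCP destination port. The tcp_dport column and the join on (sid, cid) are assumed from the standard Snort schema, and port_names is a hypothetical stand-in for the tables the extra script creates.

```sql
-- Added example. iphdr columns are those shown by "describe iphdr" above.
-- Assumptions: tcphdr has a tcp_dport column and shares the (sid, cid) key
-- with iphdr; port_names is a hypothetical lookup table, not a real
-- snortdb-extra table name.
CREATE TEMPORARY TABLE port_names (
    port SMALLINT UNSIGNED NOT NULL,
    name VARCHAR(32)       NOT NULL,
    PRIMARY KEY (port)
);

-- Constructed sample rows.
INSERT INTO port_names (port, name) VALUES
    (22, 'SSH'),
    (23, 'Telnet'),
    (80, 'HTTP');

SELECT INET_NTOA(i.ip_src) AS source,       -- int(10) unsigned -> a.b.c.d
       INET_NTOA(i.ip_dst) AS destination,
       t.tcp_dport         AS dest_port,
       p.name              AS service,      -- NULL when the port is unmapped
       COUNT(*)            AS events
FROM iphdr AS i
JOIN tcphdr AS t
  ON t.sid = i.sid AND t.cid = i.cid        -- one logged packet = one (sid, cid)
LEFT JOIN port_names AS p
  ON p.port = t.tcp_dport
WHERE i.ip_proto = 6                        -- IP protocol 6 is TCP
GROUP BY i.ip_src, i.ip_dst, t.tcp_dport, p.name
ORDER BY events DESC
LIMIT 20;
```

The LEFT JOIN keeps events on ports that have no entry in the lookup table, so unmapped ports still appear with a NULL service instead of disappearing from the report.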





